CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,379 vulnerabilities with CWE-352
CVE-2018-14963 HIGH
zzcms 8.3 - Cross-Site Request Forgery via admin/adminadd.php
CVSS 8.8
CVE-2018-14960 HIGH
Xiao5uCompany 1.7 - Cross-Site Request Forgery via admin/Admin.asp
CVSS 8.8
CVE-2018-14959 HIGH
WeaselCMS 0.3.5 - Cross-Site Request Forgery via Page Creation
CVSS 8.8
CVE-2018-14958 HIGH
WeaselCMS 0.3.5 - Cross-Site Request Forgery via index.php
CVSS 8.8
CVE-2018-14926 HIGH
Matera Banco 1.0.0 - Cross-Site Request Forgery via messageSendHandler.jsp
CVSS 8.8
CVE-2018-14910 HIGH
SeaCMS v6.61 - Remote Code Execution via IP Address Field
CVSS 8.8
CVE-2018-14908 HIGH
Samsung Syncthru Web Service V4.05.61 - CSRF
CVSS 8.8
CVE-2018-0413 HIGH
Cisco Identity Services Engine Software - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-1999027 HIGH
Jenkins SaltStack Plugin <3.1.6 - Info Disclosure
CVSS 7.5
CVE-2018-14603 HIGH
GitLab <10.8.7, <11.0.5, <11.1.2 - CSRF
CVSS 8.8
CVE-2018-14583 HIGH
xyhcms 3.5 - Cross-Site Request Forgery via Auth/addUser Endpoint
CVSS 8.8
CVE-2018-14582 HIGH
BageCMS V3.1.3 - Cross-Site Request Forgery via Admin Account Creation
CVSS 8.8
CVE-2018-14421 HIGH
SeaCMS v6.61 - Remote Code Execution via Movie Picture Address
CVSS 8.8
CVE-2018-14420 HIGH
Metinfo 6.0.0 - Cross-Site Request Forgery via doaddsave Action
CVSS 8.8
CVE-2018-0402 HIGH
Cisco Unified Contact Center Express - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-14331 HIGH
XiaoCms X1 v20140305 - Cross-Site Request Forgery via Password Change
CVSS 8.8
CVE-2018-14069 HIGH
SRCMS V2.3.1 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2018-14068 HIGH
SRCMS 2.3.1 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2018-1000206 HIGH
JFrog Artifactory 5.11.0-6.0.x - Cross-Site Request Forgery via Flash Component
CVSS 8.8
CVE-2018-14029 HIGH
wityCMS 0.6.2 - Cross-Site Request Forgery in Admin User Edit
CVSS 8.8
CVE-2018-14014 HIGH
waimai Super Cms 20150505 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2018-12540 HIGH
Eclipse Vert.x 3.0.0-3.5.2 - Cross-Site Request Forgery via XSRF Token Replay
CVSS 8.8
CVE-2018-10895 CRITICAL
qutebrowser < 1.4.1 - Cross-Site Request Forgery via qute:// URL Scheme
CVSS 9.3
CVE-2018-10232 MEDIUM
TOPdesk < 8.05.017 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-13989 HIGH
Grundig Smart Inter@ctive TV 3.0 - Cross-Site Request Forgery via TCP Port 8085
CVSS 8.8
Details
Vulnerabilities 9,379
Exploit Likelihood Medium