CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,379 vulnerabilities with CWE-352
CVE-2018-13793 HIGH
ABBYY FlexiCapture - Cross-Site Request Forgery in HTTP API
CVSS 8.8
CVE-2018-13445 HIGH
SeaCMS 6.61 - Cross-Site Request Forgery via admin_manager.php
CVSS 8.8
CVE-2018-13444 HIGH
SeaCMS 6.61 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2018-11349 HIGH
jirafeau < 3.4.1 - Cross-Site Request Forgery in Administration Panel Search
CVSS 8.8
CVE-2018-13407 MEDIUM
jirafeau < 3.4.1 - Cross-Site Request Forgery in Admin Delete File Feature
CVSS 4.9
CVE-2018-13340 HIGH
Gleez CMS 1.2.0 - Cross-Site Request Forgery via Page Add Request
CVSS 8.8
CVE-2018-13031 HIGH
DamiCMS 6.0.0 and 6.1.0 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2018-12739 HIGH
BEESCMS 4.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-11636 HIGH
Dialogic PowerMedia XMS <= 3.5 - Cross-Site Request Forgery in Administrative Console
CVSS 8.8
CVE-2018-13067 HIGH
OpenCart < 3.0.2.0 - Cross-Site Request Forgery via Password Change Endpoint
CVSS 8.8
CVE-2018-12574 HIGH
TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-12529 HIGH
Intex N150 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-13040 HIGH
OpenSID 18.06-pasca - Cross-Site Request Forgery via User Account Creation
CVSS 8.8
CVE-2018-13032 HIGH
ECESSA ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery via cgi-bin/pl_web.cgi/util_configlogin_act
CVSS 8.8
CVE-2018-13010 HIGH
WSTMall v1.9.1_170316 - Cross-Site Request Forgery via Admin User Edit Endpoint
CVSS 8.8
CVE-2018-12971 MEDIUM
EasyCMS 1.3 - Cross-Site Request Forgery via User Deletion Endpoint
CVSS 6.5
CVE-2018-11448 MEDIUM
SCALANCE M875 - Authenticated Stored Cross-Site Scripting via Web Interface
CVSS 4.8
CVE-2018-11447 HIGH
SCALANCE M875 - Cross-Site Request Forgery via Web Interface
CVSS 8.8
CVE-2018-1000514 MEDIUM
LimeSurvey 3.0.0-beta.3+17110 - Cross-Site Request Forgery in Boxes
CVSS 4.3
CVE-2018-1000507 MEDIUM
WP User Groups 2.0.0 - Cross-Site Request Forgery in Settings Page
CVSS 6.5
CVE-2018-1000506 HIGH
Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery in Settings Page
CVSS 8.8
CVE-2018-1000505 MEDIUM
Tooltipy 5 - Cross-Site Request Forgery in Settings Page
CVSS 6.5
CVE-2018-12603 HIGH
LFCMS 3.7.0 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2018-12602 HIGH
LFCMS 3.7.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-12659 HIGH
SLiMS 8 Akasia 8.3.1 - Cross-Site Request Forgery via Omitted csrf_token Parameter
CVSS 8.8
Details
Vulnerabilities 9,379
Exploit Likelihood Medium