CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,379 vulnerabilities with CWE-352
CVE-2018-13793
HIGH
ABBYY FlexiCapture - Cross-Site Request Forgery in HTTP API
CVSS 8.8
CVE-2018-13445
HIGH
SeaCMS 6.61 - Cross-Site Request Forgery via admin_manager.php
CVSS 8.8
CVE-2018-13444
HIGH
SeaCMS 6.61 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2018-11349
HIGH
jirafeau < 3.4.1 - Cross-Site Request Forgery in Administration Panel Search
CVSS 8.8
CVE-2018-13407
MEDIUM
jirafeau < 3.4.1 - Cross-Site Request Forgery in Admin Delete File Feature
CVSS 4.9
CVE-2018-13340
HIGH
Gleez CMS 1.2.0 - Cross-Site Request Forgery via Page Add Request
CVSS 8.8
CVE-2018-13031
HIGH
DamiCMS 6.0.0 and 6.1.0 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2018-12739
HIGH
BEESCMS 4.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-11636
HIGH
Dialogic PowerMedia XMS <= 3.5 - Cross-Site Request Forgery in Administrative Console
CVSS 8.8
CVE-2018-13067
HIGH
OpenCart < 3.0.2.0 - Cross-Site Request Forgery via Password Change Endpoint
CVSS 8.8
CVE-2018-12574
HIGH
TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-12529
HIGH
Intex N150 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-13040
HIGH
OpenSID 18.06-pasca - Cross-Site Request Forgery via User Account Creation
CVSS 8.8
CVE-2018-13032
HIGH
ECESSA ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery via cgi-bin/pl_web.cgi/util_configlogin_act
CVSS 8.8
CVE-2018-13010
HIGH
WSTMall v1.9.1_170316 - Cross-Site Request Forgery via Admin User Edit Endpoint
CVSS 8.8
CVE-2018-12971
MEDIUM
EasyCMS 1.3 - Cross-Site Request Forgery via User Deletion Endpoint
CVSS 6.5
CVE-2018-11448
MEDIUM
SCALANCE M875 - Authenticated Stored Cross-Site Scripting via Web Interface
CVSS 4.8
CVE-2018-11447
HIGH
SCALANCE M875 - Cross-Site Request Forgery via Web Interface
CVSS 8.8
CVE-2018-1000514
MEDIUM
LimeSurvey 3.0.0-beta.3+17110 - Cross-Site Request Forgery in Boxes
CVSS 4.3
CVE-2018-1000507
MEDIUM
WP User Groups 2.0.0 - Cross-Site Request Forgery in Settings Page
CVSS 6.5
CVE-2018-1000506
HIGH
Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery in Settings Page
CVSS 8.8
CVE-2018-1000505
MEDIUM
Tooltipy 5 - Cross-Site Request Forgery in Settings Page
CVSS 6.5
CVE-2018-12603
HIGH
LFCMS 3.7.0 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2018-12602
HIGH
LFCMS 3.7.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-12659
HIGH
SLiMS 8 Akasia 8.3.1 - Cross-Site Request Forgery via Omitted csrf_token Parameter
CVSS 8.8
Details
Vulnerabilities
9,379
Exploit Likelihood
Medium