CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,380 vulnerabilities with CWE-352
CVE-2018-12659 HIGH
SLiMS 8 Akasia 8.3.1 - Cross-Site Request Forgery via Omitted csrf_token Parameter
CVSS 8.8
CVE-2018-0365 HIGH
Cisco Secure Firewall Management Center - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-0364 HIGH
Cisco Unified Communications Domain Manager - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-0363 HIGH
Cisco Unified Communications Manager IM & Presence Service - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-6563 HIGH
totemo encryption_gateway < 6.0.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-12583 MEDIUM
AKCMS 6.1 - Cross-Site Request Forgery via admincp deleteitem Action
CVSS 6.5
CVE-2018-12582 HIGH
AKCMS 6.1 - Cross-Site Request Forgery via Admin Account Creation
CVSS 8.8
CVE-2018-6497 HIGH
Micro Focus CMS Server 2018.05 & Universal CMDB Server 10.20-10.33 - Unsafe Deserialization & CSRF
CVSS 8.8
CVE-2018-6496 HIGH
Micro Focus Universal CMDB Browser 4.10-4.15.1 - Unsafe Deserialization and Cross-Site Request Forgery
CVSS 8.8
CVE-2018-12114 HIGH
Maccms 10 - Cross-Site Request Forgery via Admin Account Creation
CVSS 8.8
CVE-2018-12354 HIGH
Knowage 6.1.1 - Cross-Site Request Forgery via Form Submission
CVSS 8.8
CVE-2018-11406 HIGH
Symfony Security 2.7.0-2.7.47 - Cross-Site Request Forgery Token Fixation via Session Invalidation Bypass
CVSS 8.8
CVE-2018-8925 HIGH
Synology Photo Station < 6.3-2975 - Cross-Site Request Forgery via admin/user.php Parameters
CVSS 8.8
CVE-2018-1514 MEDIUM
IBM Robotic Process Automation with Automation Anywhere 10.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2018-1000195 MEDIUM
Jenkins < 2.120 and LTS < 2.107.2 - Server-Side Request Forgery via ZipExtractionInstaller
CVSS 4.3
CVE-2018-1432 MEDIUM
IBM InfoSphere Information Server <11.7 - XSS
CVSS 6.1
CVE-2018-11680 MEDIUM
CmsEasy 6.1_20180508 - Cross-Site Request Forgery via Rich Text Editor IFRAME Injection
CVSS 6.5
CVE-2018-11679 HIGH
CmsEasy 6.1_20180508 - Cross-Site Request Forgery via Article Addition
CVSS 8.8
CVE-2018-11538 HIGH
Searchblox - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-11671 HIGH
GreenCMS v2.3.0603 - Cross-Site Request Forgery via Admin User Addition
CVSS 8.8
CVE-2018-11670 HIGH
GreenCMS v2.3.0603 - Cross-Site Request Forgery via Media File Connect
CVSS 8.8
CVE-2018-11633 MEDIUM
Woo Checkout for Digital Goods 2.1 - Cross-Site Request Forgery in Admin Settings
CVSS 6.5
CVE-2018-11632 MEDIUM
Add Social Share Messenger Buttons Whatsapp and Viber 1.0.8 - Cross-Site Request Forgery via Admin-Post Handler
CVSS 6.5
CVE-2018-11527 HIGH
CScms v4.1 - Cross-Site Request Forgery in Password Change Endpoint
CVSS 8.8
CVE-2018-11501 HIGH
Website Seller Script 2.0.3 - Cross-Site Request Forgery via user_submit.php
CVSS 8.8
Details
Vulnerabilities 9,380
Exploit Likelihood Medium