CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,380 vulnerabilities with CWE-352
CVE-2018-11500 HIGH
PublicCMS V4.0.20180210 - Cross-Site Request Forgery in Admin User Save Endpoint
CVSS 8.8
CVE-2018-11493 HIGH
Wuzhicms - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-11445 HIGH
EasyService Billing 1.0 - Cross-Site Request Forgery on User Add Page
CVSS 8.8
CVE-2018-11442 HIGH
EasyService Billing 1.0 - Cross-Site Request Forgery via Quotation Creation
CVSS 8.8
CVE-2018-11405 HIGH
Kliqqi Cms - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-11371 HIGH
SkyCaiji 1.2 - Cross-Site Request Forgery to Add Administrator
CVSS 8.8
CVE-2018-11096 MEDIUM
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery
CVSS 6.5
CVE-2018-11092 MEDIUM
Admin Notes 1.1 - Cross-Site Request Forgery via Clear Table Action
CVSS 6.5
CVE-2018-1434 HIGH
IBM SAN Volume Controller and Storwize 6.1.0.0-7.5.0.14 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-0270 HIGH
Cisco IoT Field Network Director - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-11127 MEDIUM
e107 2.1.7 - Cross-Site Request Forgery resulting in Arbitrary User Deletion
CVSS 6.5
CVE-2018-11126 HIGH
doorGets 7.0 - Cross-Site Request Forgery via User Add Controller
CVSS 8.8
CVE-2018-11018 HIGH
PbootCMS 1.0.7 - Cross-Site Request Forgery in Role Controller
CVSS 8.8
CVE-2018-11004 HIGH
SDcms 1.5 - Cross-Site Request Forgery in Admin Controller
CVSS 8.8
CVE-2018-11003 MEDIUM
YXcms 1.4.7 - Cross-Site Request Forgery via adminController.php
CVSS 6.5
CVE-2018-6458 HIGH
Easy Hosting Control Panel 0.37.12.b - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-6023 HIGH
Fastweb FASTgate 0.00.47 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-10803 MEDIUM
ManageEngine NetFlow Analyzer 12.3-12.3.125 - Stored Cross-Site Scripting via Credential Description
CVSS 6.1
CVE-2018-10957 HIGH
D-Link DIR-868L Firmware - Cross-Site Request Forgery via hedwig.cgi and pigwidgeon.cgi
CVSS 8.8
CVE-2018-10806 MEDIUM
Frogcms - Cross-Site Request Forgery
CVSS 5.4
CVE-2018-10758 MEDIUM
Datenstrom Yellow 0.7.3 - Cross-Site Request Forgery via Edit URI Delete Action
CVSS 6.5
CVE-2018-10166 HIGH
TP-Link EAP/Omada Controller <2.6.0 - CSRF
CVSS 8.8
CVE-2018-10554 MEDIUM
Nagios XI 5.4.13 - Cross-Site Scripting via CSRF
CVSS 5.4
CVE-2018-10503 HIGH
baijiacms V4 <v4_1_4_20170105 - CSRF
CVSS 8.8
CVE-2018-1479 HIGH
IBM BigFix Platform 9.2-9.5 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,380
Exploit Likelihood Medium