CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,380 vulnerabilities with CWE-352
CVE-2018-9923 HIGH
icms < 7.0.7 - Cross-Site Request Forgery via admincp.php Article Save
CVSS 8.8
CVE-2018-9856 HIGH
Kotti < 1.3.2 and 2.x < 2.0.0b2 - Cross-Site Request Forgery via Local Roles Implementation
CVSS 8.8
CVE-2018-1000153 HIGH
Jenkins vSphere Plugin <2.16 - CSRF
CVSS 8.8
CVE-2018-6874 HIGH
auth0.js < 8.12.1 and npm/auth0-js < 9.0.0 - Cross-Site Request Forgery via Legacy Lock API
CVSS 8.8
CVE-2018-8814 MEDIUM
WolfCMS 0.8.3.1 - Cross-Site Request Forgery in Plugin Settings
CVSS 6.5
CVE-2018-1098 HIGH
etcd < 3.3.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-8908 HIGH
Frog CMS 0.9.5 - Cross-Site Request Forgery in User Addition
CVSS 8.8
CVE-2018-8893 HIGH
Z-BlogPHP 1.5.1 Zero - Cross-Site Request Forgery in plugin_edit.php
CVSS 8.8
CVE-2018-9134 HIGH
DedeCMS 5.7 - Cross-Site Request Forgery via File Rename Action
CVSS 8.8
CVE-2018-9108 HIGH
QuickAppsCMS 2.0.0-beta2 - Unauthenticated Cross-Site Request Forgery in Admin User Addition
CVSS 8.8
CVE-2018-9092 HIGH
MiniCMS 1.10 - Cross-Site Request Forgery in Admin Configuration
CVSS 8.8
CVE-2018-7700 HIGH
dedecms 5.7 - Cross-Site Request Forgery to Remote Code Execution via partcode Parameter
CVSS 8.8
CVE-2018-8764 HIGH
Roland Gruber Softwareentwicklung LDAP Account Manager <6.3 - CSRF
CVSS 8.8
CVE-2018-8718 HIGH
Mailer Plugin 1.20 for Jenkins 2.111 - CSRF
CVSS 8.0
CVE-2018-1213 HIGH
Dell EMC Isilon OneFS CSRF (7.1.1.11, 7.2.1.0-7.2.1.5, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.2)
CVSS 8.8
CVE-2018-8979 HIGH
Open-audit - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-8817 HIGH
Wampserver < 3.1.3 - Cross-Site Request Forgery via add_vhost.php
CVSS 8.8
CVE-2018-8972 HIGH
CWCMS < 2017-07-28 - Cross-Site Request Forgery in Site Configuration Update
CVSS 8.8
CVE-2018-1000137 HIGH
scilico i_librarian < 4.8 - Cross-Site Request Forgery in users.php
CVSS 8.8
CVE-2018-7524 HIGH
Geutebruck G-Cam/EFD-2250 1.12.0.4 and TopFD-2125 3.15.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-1230 HIGH
Spring Batch Admin - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-8811 HIGH
OpenCMS 10.5.3 - Cross-Site Request Forgery in User Role Management
CVSS 8.8
CVE-2018-6224 HIGH
Trend Micro Email Encryption Gateway 5.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-8717 HIGH
joyplus-cms 1.6.0 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2018-7701 MEDIUM
SecurEnvoy SecurMail <9.2.501 - CSRF
CVSS 6.5
Details
Vulnerabilities 9,380
Exploit Likelihood Medium