CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,380 vulnerabilities with CWE-352
CVE-2018-7677 LOW
NetIQ Access Manager 4.4 - Cross-Site Request Forgery in Identity Server
CVSS 3.5
CVE-2018-1000093 HIGH
CryptoNote < 0.8.9 - Unauthenticated Remote Code Execution via JSON-RPC
CVSS 8.8
CVE-2018-1000092 HIGH
CMS Made Simple 2.2.5 - Cross-Site Request Forgery in Admin Profile Page
CVSS 8.8
CVE-2018-1000086 HIGH
NPR Visuals Team Pym.js <1.3.2 - CSRF
CVSS 8.8
CVE-2018-1000082 HIGH
Ajenti 2 - Cross-Site Request Forgery in Command Execution Panel
CVSS 8.8
CVE-2018-1442 MEDIUM
IBM Monitoring 8.1.4 - Cross-Site Request Forgery
CVSS 4.3
CVE-2018-0216 MEDIUM
Cisco Identity Services Engine - Cross-Site Request Forgery
CVSS 5.4
CVE-2018-0215 MEDIUM
Cisco Identity Services Engine - Cross-Site Request Forgery
CVSS 6.3
CVE-2018-0210 HIGH
Cisco Data Center Network Manager - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-7565 HIGH
Polycom QDX 6000 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-7746 HIGH
Western Bridge Cobub Razor 0.7.2 - Stored XSS
CVSS 8.8
CVE-2018-7720 HIGH
Western Bridge Cobub Razor 0.7.2 - CSRF
CVSS 8.8
CVE-2018-7733 HIGH
YxtCMF < 3.1 - Cross-Site Request Forgery via User Addition
CVSS 8.8
CVE-2018-7724 MEDIUM
Piwigo 2.9.3 - Stored Cross-Site Scripting via Name Parameter
CVSS 5.4
CVE-2018-7307 HIGH
auth0.js < 9.3 - Cross-Site Request Forgery via Missing State Parameter
CVSS 8.8
CVE-2018-7634 HIGH
Tuleap 9.17 - Cross-Site Request Forgery in Email Change Functionality
CVSS 8.8
CVE-2018-7590 HIGH
Hoosk 1.7.0 - Cross-Site Request Forgery via User Creation Endpoint
CVSS 8.8
CVE-2018-0520 HIGH
FS010W Firmware <= FS010W_00_V1.3.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-0148 HIGH
Cisco UCS Director - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-0146 MEDIUM
Cisco Data Center Analytics Framework - Cross-Site Request Forgery
CVSS 5.4
CVE-2018-7308 HIGH
hosting_project hosting < 2018-02-11 - Cross-Site Request Forgery in files.php
CVSS 8.8
CVE-2018-7305 MEDIUM
MyBB 1.8.14 - Cross-Site Request Forgery
CVSS 4.9
CVE-2018-6941 HIGH
nat32 v2.2 Build 22284 - Cross-Site Request Forgery via /shell?cmd= Endpoint
CVSS 8.8
CVE-2018-6940 MEDIUM
nat32 - Remote Code Execution via /shell?cmd= XSS and CSRF
CVSS 6.1
CVE-2018-7219 HIGH
NoneCms 1.3.0 - Cross-Site Request Forgery via Admin Password Change
CVSS 8.8
Details
Vulnerabilities 9,380
Exploit Likelihood Medium