CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,380 vulnerabilities with CWE-352
CVE-2018-7216 HIGH
Bravo Tejari Procurement Portal - Authenticated Cross-Site Request Forgery in Profile Data Update
CVSS 8.0
CVE-2018-7176 HIGH
FrontAccounting 2.4.3 - Cross-Site Request Forgery via User Permissions Page
CVSS 8.8
CVE-2018-6888 HIGH
Typesetter - Cross-Site Request Forgery
CVSS 8.0
CVE-2018-1000053 HIGH
LimeSurvey 3.0.0-beta.3+17110 - CSRF
CVSS 8.8
CVE-2018-6288 HIGH
Kaspersky Secure Mail Gateway 1.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-6656 MEDIUM
Z-BlogPHP 1.5.1 - Cross-Site Request Forgery via AppCentre Plugin Deletion
CVSS 6.5
CVE-2018-6467 HIGH
flickrRSS 5.3.1 - Cross-Site Request Forgery via wp-admin/options-general.php
CVSS 8.8
CVE-2018-6651 HIGH
uncurl < 0.07 - Cross-Site Request Forgery via Origin Header Substring Match
CVSS 8.8
CVE-2018-0509 HIGH
kkcald < 0.7.21 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-6408 HIGH
Conceptronic CIPCAMPTIWL V3 0.61.30.21 - Cross-Site Request Forgery in hy-cgi/user.cgi
CVSS 8.8
CVE-2018-6391 HIGH
Netis WF2419 V2.2.36123 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-6007 HIGH
JS Support Ticket 1.1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-5720 HIGH
DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extender RTN2-AW.GD.R3465.1.20161103 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-6357 HIGH
acurax-social-media-widget < 3.2.5 - Cross-Site Request Forgery via recordsArray Parameter
CVSS 8.8
CVE-2018-5976 HIGH
RSVP Invitation Online 1.0 - Cross-Site Request Forgery via account.php
CVSS 8.8
CVE-2018-5969 HIGH
Photography CMS 1.0 - Cross-Site Request Forgery via ajax_new_admin.php
CVSS 8.8
CVE-2018-1000014 HIGH
Jenkins Translation Assistance Plugin < 1.15 - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-1000013 HIGH
Jenkins Release Plugin < 2.9 - Cross-Site Request Forgery via Form Submission
CVSS 8.8
CVE-2018-6009 HIGH
Yii Framework 2.x <2.0.14 - CSRF
CVSS 8.8
CVE-2018-0107 HIGH
Cisco Prime Service Catalog - Cross-Site Request Forgery
CVSS 8.8
CVE-2018-5329 HIGH
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 - CSRF
CVSS 8.8
CVE-2018-5673 HIGH
WordPress booking-calendar <2.1.7 - CSRF
CVSS 8.8
CVE-2018-5669 HIGH
read-and-understood 2.1 - Cross-Site Request Forgery via wp-admin/options-general.php
CVSS 8.8
CVE-2018-5658 HIGH
Responsive Coming Soon Page <1.1.18 - CSRF
CVSS 8.8
CVE-2018-5656 HIGH
weblizar-pinterest-feeds <1.1.1 - CSRF
CVSS 8.8
Details
Vulnerabilities 9,380
Exploit Likelihood Medium