CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,381 vulnerabilities with CWE-352
CVE-2017-18768 HIGH
NETGEAR EX6100/EX6150/EX6200/EX6400/EX7300/WN3000RP Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18782 HIGH
NETGEAR Multiple Routers - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18781 HIGH
NETGEAR Multiple Routers - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18775 HIGH
NETGEAR R6100/R7500/WNDR3700/WNDR4300/WNDR4500/WNR2000 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18791 HIGH
NETGEAR Multiple Routers CSRF Vulnerability
CVSS 8.8
CVE-2017-18848 HIGH
NETGEAR R6300v2/R7300/R8500/AC1450 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18842 HIGH
NETGEAR R7300/R8500/DGN2200/D2200D Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18852 HIGH
NETGEAR R7300DST/R8300/R8500/WNDR3400v3 - Cross-Site Request Forgery and Authentication Bypass
CVSS 8.8
CVE-2017-18107 MEDIUM
Atlassian Crowd < 3.1.1 - Cross-Site Request Forgery in Demo Application
CVSS 6.5
CVE-2017-18607 HIGH
Avada < 5.1.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18521 HIGH
democracy_poll < 5.4 - Cross-Site Request Forgery via l10n Subpage
CVSS 8.8
CVE-2017-18523 HIGH
WordPress eelv-newsletter <4.6.1 - CSRF
CVSS 8.8
CVE-2017-18569 HIGH
my_wp_translate < 1.0.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18547 HIGH
Nelio AB Testing < 4.6.4 - Cross-Site Request Forgery in Experiment Forms
CVSS 8.8
CVE-2017-18546 HIGH
jayj-quicktag < 1.3.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18544 HIGH
invite_anyone < 1.3.16 - Cross-Site Request Forgery in Admin Panel
CVSS 8.8
CVE-2017-18513 HIGH
WordPress Responsive Menu <3.1.4 - CSRF
CVSS 8.8
CVE-2017-18512 HIGH
Newsletter-by-Supsystic <1.1.8 - CSRF
CVSS 8.8
CVE-2017-18511 HIGH
WordPress Custom-Sidebars <3.0.8.1 - CSRF
CVSS 8.8
CVE-2017-18510 HIGH
WordPress custom-sidebars <3.1.0 - CSRF
CVSS 8.8
CVE-2017-18504 HIGH
twitter-cards-meta < 2.5.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18485 MEDIUM
Cognitoys Dino Firmware - Cross-Site Request Forgery via profiles_add.html
CVSS 5.4
CVE-2017-8406 HIGH
D-Link DCS-1130 Firmware - Cross-Site Request Forgery and Credential Exposure via Unrestricted crossdomain.xml
CVSS 8.8
CVE-2017-8407 HIGH
D-Link DCS-1130 Firmware - Cross-Site Request Forgery in Password Change
CVSS 8.8
CVE-2017-8334 HIGH
Securifi Almond AL-R096 - Cross-Site Request Forgery
CVSS 8.0
Details
Vulnerabilities 9,381
Exploit Likelihood Medium