CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,381 vulnerabilities with CWE-352
CVE-2017-8328 HIGH
Securifi Almond AL-R096 - Cross-Site Request Forgery in Password Change
CVSS 8.8
CVE-2017-9381 HIGH
Vera VeraEdge <1.7.19, Veralite <1.7.481 - CSRF
CVSS 8.8
CVE-2017-12789 HIGH
Metinfo 5.3.18 - Cross-Site Request Forgery in admin/interface/online/delete.php
CVSS 8.8
CVE-2017-12790 MEDIUM
Metinfo 5.3.18 - Cross-Site Request Forgery in admin/index.php
CVSS 6.5
CVE-2017-18366 HIGH
Subrion CMS 4.1.5 - Cross-Site Request Forgery in Blog Delete Endpoint
CVSS 8.8
CVE-2017-17835 HIGH
Apache Airflow < 1.8.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-17550 HIGH
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 - Cross-Site Request Forgery via User Account Addition
CVSS 8.8
CVE-2017-15608 MEDIUM
Inedo ProGet < 5.0.4 - Cross-Site Request Forgery
CVSS 6.5
CVE-2017-3187 HIGH
dotcms < 3.7.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-5394 HIGH
Firefox < 51.0 - Location Bar Spoofing via Fullscreen Mode
CVSS 8.8
CVE-2017-7906 HIGH
ABB IP Gateway Firmware < 3.39 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-7635 HIGH
QNAP NAS Proxy Server < 1.3.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-9641 HIGH
PI Coresight < 2016-r2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-2613 MEDIUM
Jenkins < 2.44 and < 2.32.2 - User Creation CSRF via GET Request
CVSS 5.4
CVE-2017-12126 HIGH
Moxa EDR-810 Firmware V4.1 build 17030317 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-0362 HIGH
MediaWiki < 1.23.16 - Cross-Site Request Forgery via Watchlist Mark All Pages Visited
CVSS 8.8
CVE-2017-3965 HIGH
McAfee Network Security Manager < 8.2.7.42.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-0933 HIGH
Ubiquiti Networks EdgeOS <1.9.1 - CSRF
CVSS 8.0
CVE-2017-7641 HIGH
QNAP NAS - Media Streaming <430.1.2.0 - CSRF
CVSS 8.8
CVE-2017-11649 HIGH
DrayTek Vigor AP910C <1.2.0_RC3 - CSRF
CVSS 8.8
CVE-2017-12415 HIGH
OXID eShop <6.0.0 RC2, <4.10.5, <4.9.10 - CSRF
CVSS 7.5
CVE-2017-16756 HIGH
HelpSpot < 4.7.2 - Cross-Site Request Forgery via Password Change Endpoint
CVSS 8.8
CVE-2017-5796 HIGH
HP J9627a Firmware < ra.15.15.0014 - CSRF
CVSS 8.8
CVE-2017-5781 HIGH
HPE Matrix Operating Environment v7.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-9963 HIGH
PowerSCADA Anywhere 1.0 - Cross-Site Request Forgery in Secure Gateway
CVSS 8.1
Details
Vulnerabilities 9,381
Exploit Likelihood Medium