CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,381 vulnerabilities with CWE-352
CVE-2017-17552 HIGH
ManageEngine ADManager Plus < 6.6 - Cross-Site Request Forgery via LoadFrame src Parameter
CVSS 8.8
CVE-2017-9414 HIGH
Subsonic 6.1.1 - Cross-Site Request Forgery in Podcast Subscription
CVSS 8.8
CVE-2017-18080 HIGH
Atlassian Bamboo < 6.3.1 - Cross-Site Request Forgery via saveConfigureSecurity Resource
CVSS 8.8
CVE-2017-18042 HIGH
Atlassian Bamboo < 6.3.1 - Cross-Site Request Forgery in User Administration Resource
CVSS 8.8
CVE-2017-1000356 HIGH
Jenkins <2.56 & <2.46.1 LTS - Privilege Escalation
CVSS 8.8
CVE-2017-4951 HIGH
VMware AirWatch Console <9.2.2, <9.1.5 - CSRF
CVSS 8.8
CVE-2017-1000504 HIGH
Jenkins < 2.89.1, < 2.94, >=2.81 <2.89.2 - Cross-Site Request Forgery via Race Condition During Startup
CVSS 8.1
CVE-2017-1769 HIGH
IBM Business Process Manager 8.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-18033 MEDIUM
Jira < 7.6.1 - Cross-Site Request Forgery in Jira-importers-plugin
CVSS 6.5
CVE-2017-16886 HIGH
FiberHome Mobile WIFI Device - CSRF
CVSS 8.8
CVE-2017-16862 MEDIUM
Atlassian Jira < 7.6.2 - Cross-Site Request Forgery in IncomingMailServers Resource
CVSS 4.3
CVE-2017-1672 HIGH
IBM Tivoli Key Lifecycle Manager <2.8 - CSRF
CVSS 8.8
CVE-2017-1000479 HIGH
pfSense < 2.4.2 - Clickjacking via CSRF Error Page
CVSS 8.8
CVE-2017-1000499 HIGH
phpMyAdmin 4.7.0-4.7.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-1000432 HIGH
Vanilla Forums < 2.1.5 - Cross-Site Request Forgery Leading to Topic and Comment Deletion
CVSS 8.0
CVE-2017-17990 HIGH
Biometric Shift Employee Management System - Cross-Site Request Forgery via index.php edit_holiday Action
CVSS 8.8
CVE-2017-17982 MEDIUM
Muslim Matrimonial Script - Cross-Site Request Forgery via admin/subadmin_edit.php
CVSS 6.8
CVE-2017-17960 HIGH
PHP Multivendor Ecommerce - Cross-Site Request Forgery via admin/sellerupd.php
CVSS 8.8
CVE-2017-17939 HIGH
Single Theater Booking Script - Cross-Site Request Forgery via admin/sitesettings.php
CVSS 8.8
CVE-2017-17936 HIGH
Vanguard Marketplace Digital Products PHP < 1.9 - Cross-Site Request Forgery via Search Endpoint
CVSS 8.8
CVE-2017-17930 HIGH
Professional Service Script - Cross-Site Request Forgery via admin/general_settingupd.php
CVSS 8.8
CVE-2017-17908 HIGH
Responsive Realestate Script - Cross-Site Request Forgery via admin/general
CVSS 8.8
CVE-2017-17905 HIGH
Car Rental Script - Cross-Site Request Forgery via admin/sitesettings.php
CVSS 8.8
CVE-2017-17903 HIGH
FS Lynda Clone - Cross-Site Request Forgery via user/edit_profile
CVSS 8.8
CVE-2017-17894 HIGH
Readymade Job Site Script - Cross-Site Request Forgery via /job URI
CVSS 8.8
Details
Vulnerabilities 9,381
Exploit Likelihood Medium