CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,381 vulnerabilities with CWE-352
CVE-2017-17891
HIGH
readymade_video_sharing_script - Cross-Site Request Forgery via user-profile-edit.php
CVSS 8.8
CVE-2017-17830
MEDIUM
Bus Booking Script - Cross-Site Request Forgery via admin/new_master.php
CVSS 6.8
CVE-2017-17827
HIGH
Piwigo 2.9.2 - Cross-Site Request Forgery via Admin Configuration or Batch Manager
CVSS 8.8
CVE-2017-5263
HIGH
Cambium Networks cnPilot <4.3.2-R4 - CSRF
CVSS 8.0
CVE-2017-1746
HIGH
IBM Jazz for Service Management 1.1.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-1631
HIGH
IBM Jazz for Service Management 1.1.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-17774
HIGH
Piwigo 2.9.2 - Cross-Site Request Forgery in admin/configuration.php
CVSS 8.8
CVE-2017-14092
HIGH
Trend Micro ScanMail for Exchange 12.0 - CSRF
CVSS 8.8
CVE-2017-5264
HIGH
Rapid7 Nexpose < 6.4.66 - Cross-Site Request Forgery in Automated Actions
CVSS 8.8
CVE-2017-14362
HIGH
Micro Focus Project and Portfolio Management Center 9.32 - Cross-Site Request Forgery
CVSS 7.3
CVE-2017-17056
HIGH
ZKTime Web Software 2.0.1.12280 - Privilege Escalation
CVSS 8.8
CVE-2017-12631
HIGH
Apache CXF Fediz < 1.3.3 and 1.4.x < 1.4.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-8138
HIGH
HedEx Lite < V200R006C00 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-4928
HIGH
VMware vCenter Server < 6.0 U3c - Server-Side Request Forgery and CRLF Injection via Flash-based vSphere Web Client
CVSS 7.5
CVE-2017-1000224
MEDIUM
YouTube WordPress Plugin < 11.8.1 - Unauthenticated Cross-Site Request Forgery
CVSS 6.5
CVE-2017-15516
HIGH
NetApp SnapCenter Server 1.1-2.x - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-7851
HIGH
D-Link DCS-936L < 1.05.07 - Cross-Site Request Forgery via Referer Header Validation Bypass
CVSS 8.8
CVE-2017-11876
HIGH
Microsoft Project Server 2016 - CSRF
CVSS 8.8
CVE-2017-16780
CRITICAL
MyBB < 1.8.12 - Remote Code Execution via Installer Configuration File Write
CVSS 9.8
CVE-2017-16570
HIGH
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery via Missing x-csrf-token Header
CVSS 8.8
CVE-2017-16565
HIGH
Grandstream HT802 Firmware - Cross-Site Request Forgery via Login Screen
CVSS 8.8
CVE-2017-16563
HIGH
Grandstream HT802 Firmware - Cross-Site Request Forgery in Basic Settings Screen
CVSS 8.0
CVE-2017-1000147
MEDIUM
Mahara <1.9.8, <1.10.6, <15.04.3 - CSRF
CVSS 6.8
CVE-2017-1300
HIGH
IBM OpenPages GRC Platform <7.4 - CSRF
CVSS 8.8
CVE-2017-1000244
HIGH
Jenkins Favorite Plugin <2.2.0 - CSRF
CVSS 8.8
Details
Vulnerabilities
9,381
Exploit Likelihood
Medium