CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,381 vulnerabilities with CWE-352
CVE-2017-17891 HIGH
readymade_video_sharing_script - Cross-Site Request Forgery via user-profile-edit.php
CVSS 8.8
CVE-2017-17830 MEDIUM
Bus Booking Script - Cross-Site Request Forgery via admin/new_master.php
CVSS 6.8
CVE-2017-17827 HIGH
Piwigo 2.9.2 - Cross-Site Request Forgery via Admin Configuration or Batch Manager
CVSS 8.8
CVE-2017-5263 HIGH
Cambium Networks cnPilot <4.3.2-R4 - CSRF
CVSS 8.0
CVE-2017-1746 HIGH
IBM Jazz for Service Management 1.1.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-1631 HIGH
IBM Jazz for Service Management 1.1.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-17774 HIGH
Piwigo 2.9.2 - Cross-Site Request Forgery in admin/configuration.php
CVSS 8.8
CVE-2017-14092 HIGH
Trend Micro ScanMail for Exchange 12.0 - CSRF
CVSS 8.8
CVE-2017-5264 HIGH
Rapid7 Nexpose < 6.4.66 - Cross-Site Request Forgery in Automated Actions
CVSS 8.8
CVE-2017-14362 HIGH
Micro Focus Project and Portfolio Management Center 9.32 - Cross-Site Request Forgery
CVSS 7.3
CVE-2017-17056 HIGH
ZKTime Web Software 2.0.1.12280 - Privilege Escalation
CVSS 8.8
CVE-2017-12631 HIGH
Apache CXF Fediz < 1.3.3 and 1.4.x < 1.4.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-8138 HIGH
HedEx Lite < V200R006C00 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-4928 HIGH
VMware vCenter Server < 6.0 U3c - Server-Side Request Forgery and CRLF Injection via Flash-based vSphere Web Client
CVSS 7.5
CVE-2017-1000224 MEDIUM
YouTube WordPress Plugin < 11.8.1 - Unauthenticated Cross-Site Request Forgery
CVSS 6.5
CVE-2017-15516 HIGH
NetApp SnapCenter Server 1.1-2.x - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-7851 HIGH
D-Link DCS-936L < 1.05.07 - Cross-Site Request Forgery via Referer Header Validation Bypass
CVSS 8.8
CVE-2017-11876 HIGH
Microsoft Project Server 2016 - CSRF
CVSS 8.8
CVE-2017-16780 CRITICAL
MyBB < 1.8.12 - Remote Code Execution via Installer Configuration File Write
CVSS 9.8
CVE-2017-16570 HIGH
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery via Missing x-csrf-token Header
CVSS 8.8
CVE-2017-16565 HIGH
Grandstream HT802 Firmware - Cross-Site Request Forgery via Login Screen
CVSS 8.8
CVE-2017-16563 HIGH
Grandstream HT802 Firmware - Cross-Site Request Forgery in Basic Settings Screen
CVSS 8.0
CVE-2017-1000147 MEDIUM
Mahara <1.9.8, <1.10.6, <15.04.3 - CSRF
CVSS 6.8
CVE-2017-1300 HIGH
IBM OpenPages GRC Platform <7.4 - CSRF
CVSS 8.8
CVE-2017-1000244 HIGH
Jenkins Favorite Plugin <2.2.0 - CSRF
CVSS 8.8
Details
Vulnerabilities 9,381
Exploit Likelihood Medium