CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,381 vulnerabilities with CWE-352
CVE-2017-16244 HIGH
OctoberCMS < 1.0.427 - Cross-Site Request Forgery via _handler Postback Variable
CVSS 8.8
CVE-2017-15808 HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/ajax.config.php
CVSS 8.8
CVE-2017-15735 HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery for Glossary Modification
CVSS 8.8
CVE-2017-15734 HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.main.php
CVSS 8.8
CVE-2017-15733 HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in Admin Attachment Handling
CVSS 8.8
CVE-2017-15732 HIGH
phpMyFAQ < 2.9.8 - Cross-Site Request Forgery in admin/news.php
CVSS 8.8
CVE-2017-15731 HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.adminlog.php
CVSS 8.8
CVE-2017-15730 HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.ratings.php
CVSS 8.8
CVE-2017-15729 HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery for Glossary Addition
CVSS 8.8
CVE-2017-15645 HIGH
Webmin < 1.850 - Cross-Site Request Forgery via create_job.cgi URI Parameter
CVSS 8.8
CVE-2017-12271 HIGH
Cisco SPA300 and SPA500 Series IP Phones < 7.5.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-14956 MEDIUM
AlienVault Unified Security Management < 5.4.2 - Authenticated Cross-Site Request Forgery via Report Export
CVSS 5.7
CVE-2017-14011 HIGH
ProMinent MultiFLEX M10a Controller - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-15296 HIGH
SAP Customer Relationship Management - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-15084 MEDIUM
Rapid7 Metasploit < 4.14.1 - Cross-Site Request Forgery via Logout Function
CVSS 6.5
CVE-2017-15063 HIGH
Subrion 4.1-4.1.5 and < 4.2.0 - Cross-Site Request Forgery via Panel Database Query Parameter
CVSS 8.8
CVE-2017-1000093 HIGH
Poll SCM Plugin < 1.3.1 - Cross-Site Request Forgery via API
CVSS 8.8
CVE-2017-1000092 HIGH
Jenkins Git Plugin - Cross-Site Request Forgery via Form Validation
CVSS 7.5
CVE-2017-1000091 MEDIUM
GitHub Branch Source Plugin - Cross-Site Request Forgery via Form Validation
CVSS 6.3
CVE-2017-1000090 HIGH
Role-based Authorization Strategy Plugin - CSRF
CVSS 8.8
CVE-2017-1000085 MEDIUM
Subversion Plugin - Info Disclosure
CVSS 6.5
CVE-2017-14925 HIGH
Tiki <16.3, 17.x <17.1, 12 LTS <12.12 LTS, 15 LTS <15.5 LTS - CSRF
CVSS 8.0
CVE-2017-14924 HIGH
Tiki <16.3,17.x<17.1,12 LTS<12.12 LTS,15 LTS<15.5 LTS - CSRF
CVSS 8.0
CVE-2017-13129 HIGH
ZKTeco ZKTime Web 2.0.1.12280 - Authenticated Cross-Site Request Forgery
CVSS 8.0
CVE-2017-7969 HIGH
PowerSCADA Anywhere 1.0 and Citect Anywhere 1.0 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,381
Exploit Likelihood Medium