CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,381 vulnerabilities with CWE-352
CVE-2017-16244
HIGH
OctoberCMS < 1.0.427 - Cross-Site Request Forgery via _handler Postback Variable
CVSS 8.8
CVE-2017-15808
HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/ajax.config.php
CVSS 8.8
CVE-2017-15735
HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery for Glossary Modification
CVSS 8.8
CVE-2017-15734
HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.main.php
CVSS 8.8
CVE-2017-15733
HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in Admin Attachment Handling
CVSS 8.8
CVE-2017-15732
HIGH
phpMyFAQ < 2.9.8 - Cross-Site Request Forgery in admin/news.php
CVSS 8.8
CVE-2017-15731
HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.adminlog.php
CVSS 8.8
CVE-2017-15730
HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.ratings.php
CVSS 8.8
CVE-2017-15729
HIGH
phpmyfaq < 2.9.8 - Cross-Site Request Forgery for Glossary Addition
CVSS 8.8
CVE-2017-15645
HIGH
Webmin < 1.850 - Cross-Site Request Forgery via create_job.cgi URI Parameter
CVSS 8.8
CVE-2017-12271
HIGH
Cisco SPA300 and SPA500 Series IP Phones < 7.5.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-14956
MEDIUM
AlienVault Unified Security Management < 5.4.2 - Authenticated Cross-Site Request Forgery via Report Export
CVSS 5.7
CVE-2017-14011
HIGH
ProMinent MultiFLEX M10a Controller - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-15296
HIGH
SAP Customer Relationship Management - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-15084
MEDIUM
Rapid7 Metasploit < 4.14.1 - Cross-Site Request Forgery via Logout Function
CVSS 6.5
CVE-2017-15063
HIGH
Subrion 4.1-4.1.5 and < 4.2.0 - Cross-Site Request Forgery via Panel Database Query Parameter
CVSS 8.8
CVE-2017-1000093
HIGH
Poll SCM Plugin < 1.3.1 - Cross-Site Request Forgery via API
CVSS 8.8
CVE-2017-1000092
HIGH
Jenkins Git Plugin - Cross-Site Request Forgery via Form Validation
CVSS 7.5
CVE-2017-1000091
MEDIUM
GitHub Branch Source Plugin - Cross-Site Request Forgery via Form Validation
CVSS 6.3
CVE-2017-1000090
HIGH
Role-based Authorization Strategy Plugin - CSRF
CVSS 8.8
CVE-2017-1000085
MEDIUM
Subversion Plugin - Info Disclosure
CVSS 6.5
CVE-2017-14925
HIGH
Tiki <16.3, 17.x <17.1, 12 LTS <12.12 LTS, 15 LTS <15.5 LTS - CSRF
CVSS 8.0
CVE-2017-14924
HIGH
Tiki <16.3,17.x<17.1,12 LTS<12.12 LTS,15 LTS<15.5 LTS - CSRF
CVSS 8.0
CVE-2017-13129
HIGH
ZKTeco ZKTime Web 2.0.1.12280 - Authenticated Cross-Site Request Forgery
CVSS 8.0
CVE-2017-7969
HIGH
PowerSCADA Anywhere 1.0 and Citect Anywhere 1.0 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities
9,381
Exploit Likelihood
Medium