CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,381 vulnerabilities with CWE-352
CVE-2017-14683 HIGH
geminabox < 0.13.7 - Cross-Site Request Forgery via Unintended Gem Upload
CVSS 8.8
CVE-2017-12253 HIGH
Cisco Unified Intelligence Center - CSRF
CVSS 8.8
CVE-2017-14530 HIGH
Crony Cronjob Manager < 0.4.6 - Cross-Site Request Forgery via Name Parameter
CVSS 8.0
CVE-2017-11350 HIGH
Axesstel MU553S MU55XS-V1.14 - Cross-Site Request Forgery in ConfigSet
CVSS 8.8
CVE-2017-14267 HIGH
EE 4GEE WiFi MBB < EE60_00_05.00_31 - CSRF
CVSS 8.8
CVE-2017-12838 HIGH
NexusPHP 1.5 - Cross-Site Request Forgery via mybonus.php
CVSS 8.8
CVE-2017-11567 HIGH
Mongoose Embedded Web Server Library < 6.8 - Cross-Site Request Forgery via __mg_admin?save
CVSS 8.8
CVE-2017-1097 HIGH
IBM Emptoris Strategic Supply Management Platform 10.0.0.x-10.1.1.x - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-14048 HIGH
BlackCat CMS 1.2 - Command Injection
CVSS 8.8
CVE-2017-1442 HIGH
IBM Emptoris Services Procurement 10.0.0.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-11455 HIGH
Pulse Connect Secure 8.1R1-8.1R10, 8.2R1-8.2R5 & Pulse Policy Secure 5.1R1-5.3R5 - CSRF via diag.cgi
CVSS 8.8
CVE-2017-7926 HIGH
OSIsoft PI Web API < 2017 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-12703 HIGH
Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455 < 1.7.5.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-12970 HIGH
Apache2Triad 1.5.4 - Cross-Site Request Forgery in User Account Management
CVSS 8.8
CVE-2017-7557 HIGH
dnsdist 1.1.0 - Improper Authentication for REST API
CVSS 8.8
CVE-2017-7423 HIGH
Micro Focus Enterprise Developer/Server <2.3 Update 1 Hotfix 8 - CSRF
CVSS 8.8
CVE-2017-5187 HIGH
Micro Focus Enterprise Developer/E<2.3 - CSRF
CVSS 8.8
CVE-2017-12881 HIGH
Spring Batch Admin < 1.3.0.RELEASE - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-12593 HIGH
ASUS DSL-N10S V2.1.16_APAC - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-12589 HIGH
ToMAX R60G and R60GV2 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-7556 HIGH
Hawtio <= 1.5.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-12853 HIGH
RealTime RWR-3G-100 Router Firmware Ver1.0.56 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6328 HIGH
Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-12651 HIGH
Loginizer < 1.3.5 - Cross-Site Request Forgery in IP Wizard
CVSS 8.8
CVE-2017-6756 HIGH
Cisco Prime Collaboration Provisioning Tool <12.2 - CSRF
CVSS 8.8
Details
Vulnerabilities 9,381
Exploit Likelihood Medium