CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,381 vulnerabilities with CWE-352
CVE-2017-10677 HIGH
Linksys EA4500 Firmware < 2.0.36 - Cross-Site Request Forgery via apply.cgi
CVSS 8.8
CVE-2017-12584 HIGH
SLiMS 8 Akasia <= 8.3.1 - Cross-Site Request Forgery via User Profile Update
CVSS 8.8
CVE-2017-9863 HIGH
SMA Sunny Boy and Sunny Tripower Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-12439 HIGH
SocuSoft Flash Slideshow Maker Professional <5.20 - XSS
CVSS 7.5
CVE-2017-2138 HIGH
CS-Cart Japanese Edition <4.3.10 - CSRF
CVSS 8.8
CVE-2017-11726 HIGH
ConnectWise Manage 2017.5 - Cross-Site Request Forgery via System.rails
CVSS 8.8
CVE-2017-11648 HIGH
Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 - Cross-Site Request Forgery via BasicSettings Request
CVSS 8.8
CVE-2017-9490 HIGH
Arris TG1682G Firmware 10.0.132.SIP.PC20.CT - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-9489 HIGH
Cisco DPC3939B Firmware dpc3939b-v303r204217-150321a-CMCST - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-11646 HIGH
NetComm Wireless 4GT101W - Cross-Site Request Forgery via Administration Interface
CVSS 8.8
CVE-2017-11680 HIGH
Hashtopussy < 0.4.0 - Cross-Site Request Forgery via users.php
CVSS 8.8
CVE-2017-11679 HIGH
Hashtopus 1.5g - Cross-Site Request Forgery via Admin Config Password Parameter
CVSS 8.8
CVE-2017-9413 HIGH
Subsonic 6.1.1 - Cross-Site Request Forgery in Podcast Feature
CVSS 8.8
CVE-2017-2273 HIGH
BUFFALO WMR-433 and WMR-433W - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-9415 HIGH
subsonic 6.1.1 - Cross-Site Request Forgery via userSettings.view
CVSS 7.5
CVE-2017-9930 HIGH
Green Packet DX-350 Firmware v2.8.9.5-g1.4.8-atheeb - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-1218 HIGH
IBM BigFix Platform - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-10961 HIGH
REDCap < 7.5.0 - Cross-Site Request Forgery in File Repository Deletion
CVSS 8.8
CVE-2017-9810 HIGH
Kaspersky Anti-Virus for Linux File Server <8.0.4.312 - CSRF
CVSS 8.8
CVE-2017-7666 HIGH
Apache OpenMeetings 1.0.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-1000069 HIGH
oauth2_proxy < 2.2.0 - Cross-Site Request Forgery in Authentication Flow
CVSS 8.8
CVE-2017-1000008 HIGH
Chyrp Lite 2016.04 - Cross-Site Request Forgery in User Settings
CVSS 8.8
CVE-2017-11196 HIGH
Pulse Connect Secure 8.3R1 - Cross-Site Request Forgery in Admin Logout Function
CVSS 8.8
CVE-2017-11193 HIGH
Pulse Connect Secure 8.3R1 - Cross-Site Request Forgery in diag.cgi
CVSS 8.8
CVE-2017-2244 HIGH
Brother MFC-J960DWN Firmware <= ver.D - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,381
Exploit Likelihood Medium