CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,381 vulnerabilities with CWE-352
CVE-2017-2238 HIGH
Toshiba HEM-GW16A and HEM-GW26A Firmware < 1.2.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-2223 HIGH
I-O DATA DEVICE Camera Firmware < 1.19 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-7404 HIGH
D-Link DIR-615 < 20.12PTb01 - Cross-Site Request Forgery via Firmware Upload
CVSS 8.8
CVE-2017-4998 HIGH
RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-5943 HIGH
Request Tracker 4.x < 4.0.25, 4.2.x < 4.2.14, 4.4.x < 4.4.2 - Cross-Site Request Forgery Token Exposure
CVSS 8.8
CVE-2017-6042 HIGH
Sierra Wireless AirLink Raven XE < 4.0.14 and XT < 4.0.11 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6038 HIGH
Belden Hirschmann GECKO Lite Managed Switch Firmware < 2.0.00 - Cross-Site Request Forgery
CVSS 7.1
CVE-2017-10681 HIGH
Piwigo <= 2.9.1 - Cross-Site Request Forgery via Album Unlock Request
CVSS 8.8
CVE-2017-10680 HIGH
Piwigo <= 2.9.1 - Cross-Site Request Forgery via Album Privacy Change
CVSS 8.8
CVE-2017-10678 HIGH
Piwigo <= 2.9.1 - Cross-Site Request Forgery via Permalink Deletion
CVSS 8.8
CVE-2017-5528 HIGH
TIBCO JasperReports Server < 6.1.1, 6.2.0, 6.2.1, 6.3.0 - Authenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6086 HIGH
ViMbAdmin 3.0.15 - Cross-Site Request Forgery in DomainController and MailboxController
CVSS 8.8
CVE-2017-9673 HIGH
SimpleCE < 2.3.0 - Cross-Site Request Forgery via User Management Endpoints
CVSS 8.8
CVE-2017-5244 LOW
Metasploit Pro, Express, and Community < 4.14.0 (Update 2017061301) - Cross-Site Request Forgery via Task Stop Routes
CVSS 3.5
CVE-2017-6659 HIGH
Cisco Prime Collaboration Assurance - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2017-9519 HIGH
atmail < 7.8.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-9518 HIGH
atmail < 7.8.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-9517 HIGH
atmail < 7.8.0.1 - Cross-Site Request Forgery via User Import
CVSS 8.8
CVE-2017-9444 HIGH
BigTree CMS <= 4.2.18 - Cross-Site Request Forgery in User Profile and Developer Endpoints
CVSS 8.8
CVE-2017-8836 HIGH
Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware - Cross-Site Request Forgery in Administrative CGI Scripts
CVSS 8.8
CVE-2017-9379 HIGH
BigTree CMS <= 4.2.18 - Cross-Site Request Forgery via Dashboard Vitals Statistics Parameters
CVSS 8.8
CVE-2017-9365 HIGH
BigTree CMS <= 4.2.18 - Cross-Site Request Forgery via Force Parameter
CVSS 8.8
CVE-2017-7917 HIGH
Moxa OnCell G3110-HSPA <1.3, G3110-HSDPA <1.2, G3150-HSDPA <1.4, 5104-HSDPA, 5104-HSPA, 5004-HSPA CSRF
CVSS 8.8
CVE-2017-9033 HIGH
Trend Micro ServerProtect for Linux <3.0 - CSRF
CVSS 8.8
CVE-2017-5657 HIGH
Apache Archiva < 2.2.1 - Cross-Site Request Forgery
CVSS 8.0
Details
Vulnerabilities 9,381
Exploit Likelihood Medium