CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,381 vulnerabilities with CWE-352
CVE-2017-2238
HIGH
Toshiba HEM-GW16A and HEM-GW26A Firmware < 1.2.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-2223
HIGH
I-O DATA DEVICE Camera Firmware < 1.19 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-7404
HIGH
D-Link DIR-615 < 20.12PTb01 - Cross-Site Request Forgery via Firmware Upload
CVSS 8.8
CVE-2017-4998
HIGH
RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-5943
HIGH
Request Tracker 4.x < 4.0.25, 4.2.x < 4.2.14, 4.4.x < 4.4.2 - Cross-Site Request Forgery Token Exposure
CVSS 8.8
CVE-2017-6042
HIGH
Sierra Wireless AirLink Raven XE < 4.0.14 and XT < 4.0.11 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6038
HIGH
Belden Hirschmann GECKO Lite Managed Switch Firmware < 2.0.00 - Cross-Site Request Forgery
CVSS 7.1
CVE-2017-10681
HIGH
Piwigo <= 2.9.1 - Cross-Site Request Forgery via Album Unlock Request
CVSS 8.8
CVE-2017-10680
HIGH
Piwigo <= 2.9.1 - Cross-Site Request Forgery via Album Privacy Change
CVSS 8.8
CVE-2017-10678
HIGH
Piwigo <= 2.9.1 - Cross-Site Request Forgery via Permalink Deletion
CVSS 8.8
CVE-2017-5528
HIGH
TIBCO JasperReports Server < 6.1.1, 6.2.0, 6.2.1, 6.3.0 - Authenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6086
HIGH
ViMbAdmin 3.0.15 - Cross-Site Request Forgery in DomainController and MailboxController
CVSS 8.8
CVE-2017-9673
HIGH
SimpleCE < 2.3.0 - Cross-Site Request Forgery via User Management Endpoints
CVSS 8.8
CVE-2017-5244
LOW
Metasploit Pro, Express, and Community < 4.14.0 (Update 2017061301) - Cross-Site Request Forgery via Task Stop Routes
CVSS 3.5
CVE-2017-6659
HIGH
Cisco Prime Collaboration Assurance - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2017-9519
HIGH
atmail < 7.8.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-9518
HIGH
atmail < 7.8.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-9517
HIGH
atmail < 7.8.0.1 - Cross-Site Request Forgery via User Import
CVSS 8.8
CVE-2017-9444
HIGH
BigTree CMS <= 4.2.18 - Cross-Site Request Forgery in User Profile and Developer Endpoints
CVSS 8.8
CVE-2017-8836
HIGH
Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware - Cross-Site Request Forgery in Administrative CGI Scripts
CVSS 8.8
CVE-2017-9379
HIGH
BigTree CMS <= 4.2.18 - Cross-Site Request Forgery via Dashboard Vitals Statistics Parameters
CVSS 8.8
CVE-2017-9365
HIGH
BigTree CMS <= 4.2.18 - Cross-Site Request Forgery via Force Parameter
CVSS 8.8
CVE-2017-7917
HIGH
Moxa OnCell G3110-HSPA <1.3, G3110-HSDPA <1.2, G3150-HSDPA <1.4, 5104-HSDPA, 5104-HSPA, 5004-HSPA CSRF
CVSS 8.8
CVE-2017-9033
HIGH
Trend Micro ServerProtect for Linux <3.0 - CSRF
CVSS 8.8
CVE-2017-5657
HIGH
Apache Archiva < 2.2.1 - Cross-Site Request Forgery
CVSS 8.0
Details
Vulnerabilities
9,381
Exploit Likelihood
Medium