CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,381 vulnerabilities with CWE-352
CVE-2017-6634 HIGH
Cisco Industrial Ethernet 1000 Series Switches 1.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-7620 MEDIUM
MantisBT < 1.3.11, 2.x < 2.3.3, 2.4.x < 2.4.1 - Cross-Site Request Forgery via Permalink Injection
CVSS 6.5
CVE-2017-9064 HIGH
WordPress < 4.7.5 - Cross-Site Request Forgery in Filesystem Credentials Dialog
CVSS 8.8
CVE-2017-9062 HIGH
WordPress < 4.7.5 - Cross-Site Request Forgery via XML-RPC API
CVSS 8.6
CVE-2017-7662 HIGH
Apache CXF Fediz <1.4.0-1.3.2 - CSRF
CVSS 8.8
CVE-2017-7661 HIGH
Apache CXF Fediz <1.4.0-1.2.4 - CSRF
CVSS 8.8
CVE-2017-8382 MEDIUM
admidio 3.2.8 - Cross-Site Request Forgery in Members Function Module
CVSS 4.5
CVE-2017-7491 MEDIUM
Moodle 2.x and 3.x - Cross-Site Request Forgery
CVSS 4.3
CVE-2017-8930 HIGH
Simple Invoices 2013.1.beta.8 - CSRF
CVSS 8.8
CVE-2017-8928 HIGH
mailcow 0.14 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-8875 MEDIUM
Clean Login < 1.8 - Cross-Site Request Forgery
CVSS 6.5
CVE-2017-8874 HIGH
Mautic 1.4.1 - Cross-Site Request Forgery in Email Campaign and Contact Deletion
CVSS 8.8
CVE-2017-5891 HIGH
ASUS RT-AC* and RT-N* Firmware - Cross-Site Request Forgery in Login and Save Settings
CVSS 8.8
CVE-2017-8848 MEDIUM
Allen Disk - Cross-Site Request Forgery
CVSS 6.5
CVE-2017-7431 HIGH
Novell iManager <2.7 SP7 Patch 10 HF1 & NetIQ iManager <3.0.3.1 - CSRF
CVSS 8.8
CVE-2017-1194 HIGH
IBM WebSphere Application Server - CSRF
CVSS 8.8
CVE-2017-2102 HIGH
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application <= V3.0.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-2097 HIGH
support-project Knowledge < 1.7.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-8101 HIGH
Serendipity 2.0.5 - Cross-Site Request Forgery via Theme Installation
CVSS 8.8
CVE-2017-8100 MEDIUM
CopySafe Web Protection < 2.5 - Cross-Site Request Forgery
CVSS 6.5
CVE-2017-8099 HIGH
WHIZZ < 1.1 - Cross-Site Request Forgery via GET Request
CVSS 8.1
CVE-2017-8098 MEDIUM
e107 2.1.4 - Cross-Site Request Forgery in Plugin Installation
CVSS 6.5
CVE-2017-7852 HIGH
D-Link DCS Series Cameras - Cross-Site Request Forgery via Insecure CrossDomain.XML
CVSS 8.8
CVE-2017-8082 MEDIUM
concrete5 8.1.0 - Cross-Site Request Forgery in Thumbnail Editor
CVSS 6.5
CVE-2017-7951 HIGH
WonderCMS < 2.0.2 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,381
Exploit Likelihood Medium