CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,381 vulnerabilities with CWE-352
CVE-2017-7990 HIGH
OpenMRS Reporting Module 1.12.0 - Cross-Site Request Forgery with Stored Cross-Site Scripting via Report Name Field
CVSS 8.8
CVE-2017-5156 HIGH
Schneider Electric Wonderware InTouch Access Anywhere <11.5.2 - CSRF
CVSS 8.8
CVE-2017-7881 HIGH
BigTree CMS < 4.2.17 - Cross-Site Request Forgery via Referer Header Query String
CVSS 8.8
CVE-2017-7877 HIGH
flatcore-cms 1.4.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-7571 HIGH
Faveo 1.9.3 - Cross-Site Request Forgery in Role Change Admin
CVSS 8.0
CVE-2017-7447 HIGH
HelpDEZk 1.1.1 - Cross-Site Request Forgery in Logo Upload
CVSS 8.8
CVE-2017-7446 HIGH
HelpDEZk 1.1.1 - Cross-Site Request Forgery in Admin Person Management
CVSS 8.8
CVE-2017-7398 HIGH
D-Link DIR-615 Firmware 20.09 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-2688 HIGH
Siemens RUGGEDCOM ROX I - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6069 HIGH
Subrion CMS 4.0.5 - Cross-Site Request Forgery in Admin Blog Add
CVSS 8.8
CVE-2017-6068 HIGH
Subrion CMS 4.0.5 - Cross-Site Request Forgery in Admin Block Creation
CVSS 8.8
CVE-2017-6066 HIGH
Subrion CMS 4.0.5 - Cross-Site Request Forgery in Language Edit Endpoint
CVSS 8.8
CVE-2017-6002 HIGH
Subrion CMS 4.0.5.10 - Cross-Site Request Forgery in Admin Blog Add
CVSS 8.8
CVE-2017-5874 HIGH
D-Link DIR-600M Firmware < 1.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6803 HIGH
SolarWinds FTP Voyager 16.2.0 - CSRF
CVSS 8.8
CVE-2017-7178 HIGH
Deluge < 1.3.14 - Cross-Site Request Forgery via Crafted Plugin Installation
CVSS 8.8
CVE-2017-3877 MEDIUM
Cisco Unified Communications Manager - CSRF
CVSS 6.5
CVE-2017-0045 MEDIUM
Windows DVD Maker - Information Disclosure via Crafted .msdvd File Parsing
CVSS 5.5
CVE-2017-6379 HIGH
Drupal 8.2.x < 8.2.7 - Cross-Site Request Forgery in Administrative Paths
CVSS 7.5
CVE-2017-6918 MEDIUM
BigTree CMS 4.2.16 - Cross-Site Request Forgery via Navigation Social Update
CVSS 4.3
CVE-2017-6917 MEDIUM
BigTree CMS 4.2.16 - Cross-Site Request Forgery via Admin Settings Update
CVSS 4.3
CVE-2017-6916 MEDIUM
BigTree CMS 4.1.18 - Cross-Site Request Forgery via nav-social Parameter
CVSS 4.3
CVE-2017-6915 MEDIUM
BigTree CMS 4.1.18 - Cross-Site Request Forgery via Colophon Parameter
CVSS 4.3
CVE-2017-6914 HIGH
BigTree CMS 4.1.18 and 4.2.16 - Cross-Site Request Forgery via User Deletion Endpoint
CVSS 7.1
CVE-2017-6366 HIGH
NETGEAR DGN2200 Firmware 10.0.0.20-10.0.0.50 - Cross-Site Request Forgery via DNS Lookup
CVSS 8.8
Details
Vulnerabilities 9,381
Exploit Likelihood Medium