CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,381 vulnerabilities with CWE-352
CVE-2017-7990
HIGH
OpenMRS Reporting Module 1.12.0 - Cross-Site Request Forgery with Stored Cross-Site Scripting via Report Name Field
CVSS 8.8
CVE-2017-5156
HIGH
Schneider Electric Wonderware InTouch Access Anywhere <11.5.2 - CSRF
CVSS 8.8
CVE-2017-7881
HIGH
BigTree CMS < 4.2.17 - Cross-Site Request Forgery via Referer Header Query String
CVSS 8.8
CVE-2017-7877
HIGH
flatcore-cms 1.4.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-7571
HIGH
Faveo 1.9.3 - Cross-Site Request Forgery in Role Change Admin
CVSS 8.0
CVE-2017-7447
HIGH
HelpDEZk 1.1.1 - Cross-Site Request Forgery in Logo Upload
CVSS 8.8
CVE-2017-7446
HIGH
HelpDEZk 1.1.1 - Cross-Site Request Forgery in Admin Person Management
CVSS 8.8
CVE-2017-7398
HIGH
D-Link DIR-615 Firmware 20.09 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-2688
HIGH
Siemens RUGGEDCOM ROX I - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6069
HIGH
Subrion CMS 4.0.5 - Cross-Site Request Forgery in Admin Blog Add
CVSS 8.8
CVE-2017-6068
HIGH
Subrion CMS 4.0.5 - Cross-Site Request Forgery in Admin Block Creation
CVSS 8.8
CVE-2017-6066
HIGH
Subrion CMS 4.0.5 - Cross-Site Request Forgery in Language Edit Endpoint
CVSS 8.8
CVE-2017-6002
HIGH
Subrion CMS 4.0.5.10 - Cross-Site Request Forgery in Admin Blog Add
CVSS 8.8
CVE-2017-5874
HIGH
D-Link DIR-600M Firmware < 1.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6803
HIGH
SolarWinds FTP Voyager 16.2.0 - CSRF
CVSS 8.8
CVE-2017-7178
HIGH
Deluge < 1.3.14 - Cross-Site Request Forgery via Crafted Plugin Installation
CVSS 8.8
CVE-2017-3877
MEDIUM
Cisco Unified Communications Manager - CSRF
CVSS 6.5
CVE-2017-0045
MEDIUM
Windows DVD Maker - Information Disclosure via Crafted .msdvd File Parsing
CVSS 5.5
CVE-2017-6379
HIGH
Drupal 8.2.x < 8.2.7 - Cross-Site Request Forgery in Administrative Paths
CVSS 7.5
CVE-2017-6918
MEDIUM
BigTree CMS 4.2.16 - Cross-Site Request Forgery via Navigation Social Update
CVSS 4.3
CVE-2017-6917
MEDIUM
BigTree CMS 4.2.16 - Cross-Site Request Forgery via Admin Settings Update
CVSS 4.3
CVE-2017-6916
MEDIUM
BigTree CMS 4.1.18 - Cross-Site Request Forgery via nav-social Parameter
CVSS 4.3
CVE-2017-6915
MEDIUM
BigTree CMS 4.1.18 - Cross-Site Request Forgery via Colophon Parameter
CVSS 4.3
CVE-2017-6914
HIGH
BigTree CMS 4.1.18 and 4.2.16 - Cross-Site Request Forgery via User Deletion Endpoint
CVSS 7.1
CVE-2017-6366
HIGH
NETGEAR DGN2200 Firmware 10.0.0.20-10.0.0.50 - Cross-Site Request Forgery via DNS Lookup
CVSS 8.8
Details
Vulnerabilities
9,381
Exploit Likelihood
Medium