CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,384 vulnerabilities with CWE-352
CVE-2017-6915 MEDIUM
BigTree CMS 4.1.18 - Cross-Site Request Forgery via Colophon Parameter
CVSS 4.3
CVE-2017-6914 HIGH
BigTree CMS 4.1.18 and 4.2.16 - Cross-Site Request Forgery via User Deletion Endpoint
CVSS 7.1
CVE-2017-6366 HIGH
NETGEAR DGN2200 Firmware 10.0.0.20-10.0.0.50 - Cross-Site Request Forgery via DNS Lookup
CVSS 8.8
CVE-2017-6180 HIGH
Keekoon KK002 IP Camera Firmware 1.8.12 HD - Cross-Site Request Forgery in goform/formChnUserPwd and goform/formUserMng
CVSS 8.8
CVE-2017-6081 HIGH
Zammad < 1.0.4, 1.1.x < 1.1.3, 1.2.x < 1.2.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6080 CRITICAL
Zammad <1.0.4, 1.1.x<1.1.3, 1.2.x<1.2.1 - Cross-Site Request Forgery via REST API
CVSS 9.8
CVE-2017-6819 MEDIUM
WordPress < 4.7.2 - Cross-Site Request Forgery in Press This
CVSS 6.5
CVE-2017-6411 HIGH
D-Link DSL-2730U C1 IN_1.00 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-5633 HIGH
D-Link DI-524 Firmware 9.01 - Cross-Site Request Forgery via CGI Programs
CVSS 8.0
CVE-2017-2682 HIGH
Siemens RUGGEDCOM NMS < V1.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6127 HIGH
DIGISOL DG-HR1400 Firmware 1.00.02 - Cross-Site Request Forgery via form2WlanBasicSetup.cgi
CVSS 8.8
CVE-2017-5959 CRITICAL
GeniXCMS < 1.0.2 - Cross-Site Request Forgery Token Bypass via Forgot Password
CVSS 9.8
CVE-2017-5169 HIGH
Hanwha Techwin Smart Security Manager <1.5 - CSRF
CVSS 7.5
CVE-2017-5165 HIGH
BINOM3 Universal Multifunctional Electric Power Quality Meter Firmware - Cross-Site Request Forgery
CVSS 7.6
CVE-2017-5145 CRITICAL
Carlo Gavazzi VMU-C EM <A11_U05 - CSRF
CVSS 10.0
CVE-2017-5368 HIGH
ZoneMinder 1.29-1.30 - Cross-Site Request Forgery via User Creation Parameters
CVSS 8.8
CVE-2017-3794 HIGH
Cisco WebEx Meetings Server 2.6 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2017-5492 HIGH
WordPress < 4.7.1 - Cross-Site Request Forgery in Widget-Editing Accessibility Mode
CVSS 8.8
CVE-2017-5489 HIGH
WordPress < 4.7 - Cross-Site Request Forgery via Flash File Upload
CVSS 8.8
CVE-2017-5476 HIGH
Serendipity <= 2.0.5 - Cross-Site Request Forgery via Plugin Installation
CVSS 8.8
CVE-2017-5475 HIGH
Serendipity < 2.0.5 - Cross-Site Request Forgery in Comment Deletion
CVSS 8.8
CVE-2017-5473 HIGH
ntopng < 2.4 - Cross-Site Request Forgery via User Management Endpoints
CVSS 8.8
CVE-2016-20083 MEDIUM
WordPress More Fields Plugin 2.1 Cross-Site Request Forgery
CVSS 5.3
CVE-2016-20074 MEDIUM
WordPress Lazy Content Slider Plugin 3.4 CSRF
CVSS 4.3
CVE-2016-20067 MEDIUM
WordPress CP Polls 1.0.8 Cross-Site Request Forgery
CVSS 4.3
Details
Vulnerabilities 9,384
Exploit Likelihood Medium