CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,384 vulnerabilities with CWE-352
CVE-2017-6915
MEDIUM
BigTree CMS 4.1.18 - Cross-Site Request Forgery via Colophon Parameter
CVSS 4.3
CVE-2017-6914
HIGH
BigTree CMS 4.1.18 and 4.2.16 - Cross-Site Request Forgery via User Deletion Endpoint
CVSS 7.1
CVE-2017-6366
HIGH
NETGEAR DGN2200 Firmware 10.0.0.20-10.0.0.50 - Cross-Site Request Forgery via DNS Lookup
CVSS 8.8
CVE-2017-6180
HIGH
Keekoon KK002 IP Camera Firmware 1.8.12 HD - Cross-Site Request Forgery in goform/formChnUserPwd and goform/formUserMng
CVSS 8.8
CVE-2017-6081
HIGH
Zammad < 1.0.4, 1.1.x < 1.1.3, 1.2.x < 1.2.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6080
CRITICAL
Zammad <1.0.4, 1.1.x<1.1.3, 1.2.x<1.2.1 - Cross-Site Request Forgery via REST API
CVSS 9.8
CVE-2017-6819
MEDIUM
WordPress < 4.7.2 - Cross-Site Request Forgery in Press This
CVSS 6.5
CVE-2017-6411
HIGH
D-Link DSL-2730U C1 IN_1.00 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-5633
HIGH
D-Link DI-524 Firmware 9.01 - Cross-Site Request Forgery via CGI Programs
CVSS 8.0
CVE-2017-2682
HIGH
Siemens RUGGEDCOM NMS < V1.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2017-6127
HIGH
DIGISOL DG-HR1400 Firmware 1.00.02 - Cross-Site Request Forgery via form2WlanBasicSetup.cgi
CVSS 8.8
CVE-2017-5959
CRITICAL
GeniXCMS < 1.0.2 - Cross-Site Request Forgery Token Bypass via Forgot Password
CVSS 9.8
CVE-2017-5169
HIGH
Hanwha Techwin Smart Security Manager <1.5 - CSRF
CVSS 7.5
CVE-2017-5165
HIGH
BINOM3 Universal Multifunctional Electric Power Quality Meter Firmware - Cross-Site Request Forgery
CVSS 7.6
CVE-2017-5145
CRITICAL
Carlo Gavazzi VMU-C EM <A11_U05 - CSRF
CVSS 10.0
CVE-2017-5368
HIGH
ZoneMinder 1.29-1.30 - Cross-Site Request Forgery via User Creation Parameters
CVSS 8.8
CVE-2017-3794
HIGH
Cisco WebEx Meetings Server 2.6 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2017-5492
HIGH
WordPress < 4.7.1 - Cross-Site Request Forgery in Widget-Editing Accessibility Mode
CVSS 8.8
CVE-2017-5489
HIGH
WordPress < 4.7 - Cross-Site Request Forgery via Flash File Upload
CVSS 8.8
CVE-2017-5476
HIGH
Serendipity <= 2.0.5 - Cross-Site Request Forgery via Plugin Installation
CVSS 8.8
CVE-2017-5475
HIGH
Serendipity < 2.0.5 - Cross-Site Request Forgery in Comment Deletion
CVSS 8.8
CVE-2017-5473
HIGH
ntopng < 2.4 - Cross-Site Request Forgery via User Management Endpoints
CVSS 8.8
CVE-2016-20083
MEDIUM
WordPress More Fields Plugin 2.1 Cross-Site Request Forgery
CVSS 5.3
CVE-2016-20074
MEDIUM
WordPress Lazy Content Slider Plugin 3.4 CSRF
CVSS 4.3
CVE-2016-20067
MEDIUM
WordPress CP Polls 1.0.8 Cross-Site Request Forgery
CVSS 4.3
Details
Vulnerabilities
9,384
Exploit Likelihood
Medium