CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,384 vulnerabilities with CWE-352
CVE-2016-20054 MEDIUM
Nodcms Cross Site Request Forgery via admin endpoints
CVSS 4.3
CVE-2016-20053 MEDIUM
Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint
CVSS 5.3
CVE-2016-20051 MEDIUM
Snews CMS 1.7 Cross-Site Request Forgery via changeup
CVSS 5.3
CVE-2016-20035 MEDIUM
Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint
CVSS 5.3
CVE-2016-20034 HIGH
Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit
CVSS 8.8
CVE-2016-20028 MEDIUM
ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Superadmin
CVSS 4.3
CVE-2016-15009 LOW
OpenACS bug-tracker < 2016-05-25 - Cross-Site Request Forgery in Search Component
CVSS 3.5
CVE-2016-15005 HIGH
Golf Project Golf <= 0.3.0 - CSRF Token Prediction
CVSS 8.8
CVE-2016-3098 MEDIUM
administrate < 0.1.5 - Cross-Site Request Forgery
CVSS 5.4
CVE-2016-11085 MEDIUM
Quiz and Survey Master < 4.7.9 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Question Name Parameter
CVSS 6.5
CVE-2016-11084 MEDIUM
Mattermost Server < 2.1.0 - Cross-Site Scripting via CSRF
CVSS 6.1
CVE-2016-11055 MEDIUM
NETGEAR Multiple Devices < 2017-01-11 - Cross-Site Request Forgery
CVSS 4.3
CVE-2016-11015 MEDIUM
NETGEAR JNR1010 Firmware < 1.0.0.32 - Cross-Site Request Forgery via BlackList URL Parameter
CVSS 6.5
CVE-2016-10997 MEDIUM
beauty-premium 1.0.8 - Cross-Site Request Forgery with Arbitrary File Upload in sendmail.php
CVSS 6.5
CVE-2016-10989 HIGH
leenk.me < 2.6.0 - Cross-Site Request Forgery via Facebook Settings Page
CVSS 8.8
CVE-2016-10982 HIGH
kento-post-view-counter < 2.8 - Cross-Site Request Forgery via Settings Page
CVSS 8.8
CVE-2016-10978 HIGH
fossura-tag-miner < 1.1.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10974 HIGH
fluid-responsive-slideshow < 2.2.7 - Cross-Site Request Forgery and Stored Cross-Site Scripting via frs_save
CVSS 8.8
CVE-2016-10962 MEDIUM
icegram_engage < 1.9.19 - Cross-Site Request Forgery via wp-admin/edit.php option_name Parameter
CVSS 6.5
CVE-2016-10946 HIGH
Wp-d3 < 2.4.1 - CSRF
CVSS 8.8
CVE-2016-10945 HIGH
PageLines < 1.1.4 - Cross-Site Request Forgery via admin-post.php
CVSS 8.8
CVE-2016-10944 HIGH
multisite_post_duplicator < 1.1.3 - Cross-Site Request Forgery via wp-admin/tools.php
CVSS 8.8
CVE-2016-10938 MEDIUM
copy-me 1.0.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2016-10918 HIGH
Photo Gallery by Supsystic < 1.8.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-10903 HIGH
GoDaddy Email Marketing < 1.1.3 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,384
Exploit Likelihood Medium