CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,384 vulnerabilities with CWE-352
CVE-2016-4886 HIGH
baserCMS plugin Mail <= 3.0.10 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4885 HIGH
baserCMS plugin Feed <= 3.0.10 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4884 HIGH
baserCMS plugin Blog <= 3.0.10 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4882 HIGH
baserCMS <= 3.0.10 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4881 HIGH
baserCMS plugin Blog <= 3.0.10 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4879 HIGH
baserCMS Mail Plugin <= 3.0.10 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4878 HIGH
baserCMS < 3.0.11 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4876 HIGH
baserCMS <= 3.0.10 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-9092 HIGH
Symantec CA <2.2.1.1, MTD 1.1 - CSRF
CVSS 8.8
CVE-2016-5889 HIGH
IBM Interact 8.6, 9.0, 9.1, 10.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-3691 HIGH
Kallithea < 0.3.2 - Cross-Site Request Forgery via GET Request Method
CVSS 8.8
CVE-2016-0720 HIGH
pcs < 0.9.149 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-5401 HIGH
Red Hat JBoss BRMS and BPMS 6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-3734 HIGH
Moodle <3.0.3-<2.9.5-<2.8.11-<2.7.13 - CSRF
CVSS 8.8
CVE-2016-1161 HIGH
ManageEngine Password Manager Pro <8.5 - CSRF
CVSS 8.0
CVE-2016-4891 HIGH
Setucocms - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-8718 HIGH
Moxa AWK-3131A Wireless Access Point <1.1 - CSRF
CVSS 8.8
CVE-2016-4319 HIGH
Atlassian JIRA Server <7.1.9 - CSRF
CVSS 8.8
CVE-2016-6100 HIGH
IBM Atlas Policy Suite 6.0.3 - CSRF
CVSS 8.8
CVE-2016-10313 HIGH
Jensenofscandinavia Al3g Firmware - CSRF
CVSS 8.8
CVE-2016-8917 HIGH
IBM Sterling Order Management <9.5 - CSRF
CVSS 8.8
CVE-2016-9456 HIGH
Revive Adserver < 3.2.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-9455 HIGH
Revive Adserver < 3.2.3 - Cross-Site Request Forgery in Admin Scripts
CVSS 8.8
CVE-2016-9127 HIGH
Revive Adserver < 3.2.3 - Cross-Site Request Forgery via Password Recovery Form
CVSS 8.8
CVE-2016-5758 HIGH
NetIQ Access Manager <4.1.2-4.2.2 - CSRF
CVSS 8.8
Details
Vulnerabilities 9,384
Exploit Likelihood Medium