CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,385 vulnerabilities with CWE-352
CVE-2016-5758 HIGH
NetIQ Access Manager <4.1.2-4.2.2 - CSRF
CVSS 8.8
CVE-2016-4504 HIGH
Meteocontrol WEB'log - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4928 HIGH
Junos Space < 15.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-8018 MEDIUM
McAfee VirusScan Enterprise Linux < 2.0.3 - Authenticated Cross-Site Request Forgery
CVSS 4.3
CVE-2016-9730 MEDIUM
IBM QRadar Incident Forensics 7.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2016-10206 HIGH
Zoneminder < 1.30.0 - Cross-Site Request Forgery via Crafted User Action Request
CVSS 8.8
CVE-2016-9975 HIGH
IBM Jazz for Service Management 1.1.2.1 and 1.1.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4315 MEDIUM
WSO2 Carbon 4.4.5 - Cross-Site Request Forgery via Server Shutdown Action
CVSS 5.7
CVE-2016-4311 HIGH
WSO2 Identity Server 5.1.0 - Cross-Site Request Forgery in XACML Flow
CVSS 8.8
CVE-2016-6033 HIGH
IBM Tivoli Storage Manager for Virtual Environments 7.1 - CSRF
CVSS 8.8
CVE-2016-9365 HIGH
Moxa NPort Series - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-8369 HIGH
Lynxspring JENEsys BAS Bridge <1.1.8 - CSRF
CVSS 8.8
CVE-2016-8350 MEDIUM
Moxa ioLogik <V2.4 - Info Disclosure
CVSS 6.3
CVE-2016-5809 HIGH
Schneider Electric IONXXXX Series - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-5372 MEDIUM
NetApp Snap Creator Framework < 4.3.0P1 - Cross-Site Request Forgery
CVSS 6.3
CVE-2016-2539 HIGH
ATutor < 2.2.1 - Cross-Site Request Forgery via install_modules.php
CVSS 8.8
CVE-2016-6103 HIGH
IBM Tivoli Key Lifecycle Manager - CSRF
CVSS 8.8
CVE-2016-8941 HIGH
IBM Tivoli Storage Productivity Center - CSRF
CVSS 8.8
CVE-2016-6045 HIGH
IBM Tivoli Storage Manager Operations Center - CSRF
CVSS 8.8
CVE-2016-5937 HIGH
IBM Kenexa LCMS Premier on Cloud - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-3029 HIGH
IBM Security Access Manager for Web 8.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-9218 HIGH
Cisco Hybrid Meeting Server 1.0 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2016-6521 HIGH
Grails < 1.5.9 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-3406 HIGH
Zimbra Collaboration Suite < 8.7.0 - Cross-Site Request Forgery via Client Uploader and REST Handlers
CVSS 8.8
CVE-2016-6897 MEDIUM
WordPress < 4.5.5 - Cross-Site Request Forgery via Late check_ajax_referer Call
CVSS 6.5
Details
Vulnerabilities 9,385
Exploit Likelihood Medium