CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,385 vulnerabilities with CWE-352
CVE-2016-6801 HIGH
Apache Jackrabbit < 2.4.6 - CSRF
CVSS 8.8
CVE-2016-6158 MEDIUM
Huawei WS331a Router Firmware - Cross-Site Request Forgery
CVSS 6.1
CVE-2016-6642 MEDIUM
EMC ViPR SRM < 3.7.1 - Cross-Site Request Forgery
CVSS 6.1
CVE-2016-7034 HIGH
Red Hat JBoss BPM Suite 6.3.2 - Cross-Site Request Forgery via Query String Token Exposure
CVSS 8.8
CVE-2016-7123 HIGH
GNU Mailman < 2.1.14 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-6893 HIGH
GNU Mailman 2.1.x < 2.1.23 - Cross-Site Request Forgery in User Options Page
CVSS 8.8
CVE-2016-1470 HIGH
Cisco Small Business 220 <1.0.1.1 - CSRF
CVSS 8.8
CVE-2016-2998 LOW
IBM Connections 4.0-4.0 CR4, 4.5-4.5 CR5, 5.0-5.0 CR4, 5.5-5.5 CR1 - Authenticated Cross-Site Request Forgery
CVSS 3.5
CVE-2016-4069 HIGH
Roundcube Webmail <1.1.5 - CSRF
CVSS 8.8
CVE-2016-6635 HIGH
WordPress < 4.4.2 - Cross-Site Request Forgery via wp_ajax_wp_compression_test
CVSS 8.8
CVE-2016-5671 HIGH
Crestron DM-TXRX-100-STR <1.3039.00040 - CSRF
CVSS 8.8
CVE-2016-1607 HIGH
Novell Filr < 2.0 - Cross-Site Request Forgery via Administrative Interface
CVSS 7.2
CVE-2016-4469 HIGH
Apache Archiva < 1.3.9 - Cross-Site Request Forgery via Token Parameter
CVSS 8.8
CVE-2016-1448 HIGH
Cisco WebEx Meetings Server 2.7 - CSRF
CVSS 8.8
CVE-2016-4066 HIGH
FortiWeb < 5.5.2 - Cross-Site Request Forgery via Password Change Request
CVSS 8.8
CVE-2016-2889 HIGH
IBM Jazz Reporting Service CSRF (5.x < 5.0.2 ifix016, 6.0-6.0.1 < 6.0.1 ifix005, 6.0.2 < ifix002)
CVSS 8.8
CVE-2016-4430 HIGH
Apache Struts 2.3.20-2.3.28.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-2863 HIGH
IBM WebSphere Commerce 7.0 FP8, 8.0.0.x < 8.0.0.10, 8.0.1.x < 8.0.1.2 - CSRF
CVSS 8.0
CVE-2016-1228 HIGH
NTT EAST/WEST Hikari Denwa <07.00.1006 - CSRF
CVSS 8.8
CVE-2016-2082 HIGH
VMware vRealize Log Insight 2.x and 3.x < 3.3.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-0386 HIGH
IBM TRIRIGA Application Platform <3.3.2.6-<3.5.0.2 - CSRF
CVSS 8.0
CVE-2016-3653 HIGH
Symantec Endpoint Protection Manager < 12.1.6 - Authenticated Cross-Site Request Forgery
CVSS 8.0
CVE-2016-2901 HIGH
IBM WebSphere Portal 8.5 CF08-CF10 - Cross-Site Request Forgery in PA_Theme_Creator
CVSS 8.8
CVE-2016-4820 HIGH
I-O DATA DEVICE ETX-R - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4371 HIGH
HPE Service Manager Software <9.40 - Info Disclosure/Privilege Esca...
CVSS 8.0
Details
Vulnerabilities 9,385
Exploit Likelihood Medium