CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,385 vulnerabilities with CWE-352
CVE-2016-4494 HIGH
KMC Controls BAC-5051E Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-4506 HIGH
Resource Data Management Intuitive 650 TDB Controller < 2.1 - Authenticated Cross-Site Request Forgery
CVSS 8.0
CVE-2016-2285 HIGH
Moxa MiiNePort E1/E2/E3 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-2157 HIGH
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - CSRF in Assignment Plugin
CVSS 8.8
CVE-2016-1201 HIGH
LOCKON EC-CUBE 3.0.0-3.0.9 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-0891 HIGH
EMC ViPR SRM < 3.6.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-1174 HIGH
casebook_plugin < 0.9.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-1172 HIGH
hiniarata casebook_plugin < 0.9.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-1170 HIGH
hiniarata casebook_plugin < 0.9.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-1175 MEDIUM
AQUOS Photo Player HN-PP150 <1.03.01.04 - CSRF
CVSS 4.3
CVE-2016-1168 HIGH
NEC Aterm WF800HP Firmware <= 1.0.17 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-1167 HIGH
NEC Aterm WG300HP Firmware < 1.0.8 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-1158 HIGH
Corega CG-WLBARGMH/CG-WLBARGNL - CSRF
CVSS 8.8
CVE-2016-1151 HIGH
Cybozu Office 9.9.0-10.3.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-0863 HIGH
Tollgrade SmartGrid LightHouse Sensor Mgmt - CSRF
CVSS 8.8
CVE-2016-0948 HIGH
Adobe Connect < 9.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2016-2199 HIGH
McAfee Vulnerability Manager < 7.5.9 - Cross-Site Request Forgery in Organizations and Remediation Management Page
CVSS 8.8
CVE-2016-1139 HIGH
KDDI HOME SPOT CUBE Firmware < 2 - Cross-Site Request Forgery
CVSS 7.5
CVE-2016-1134 HIGH
BUFFALO WHR-1166DHP/300HP2/WMR-300/BHR-4GRV2/WEX-300/600D/WMR-433/WSR-1166DHP CSRF
CVSS 8.8
CVE-2015-20117 MEDIUM
RealtyScript 4.0.2 Cross-Site Request Forgery Unauthorized User Creation
CVSS 5.3
CVE-2015-20113 MEDIUM
RealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scripting Vulnerabilities
CVSS 5.3
CVE-2015-10130 MEDIUM
Team Circle Image Slider With Lightbox <1.0 - CSRF
CVSS 5.3
CVE-2015-10125 MEDIUM
WP Ultimate CSV Importer Plugin <3.7.2 - CSRF
CVSS 4.3
CVE-2015-1391 HIGH
HP AirWave 8.0.0-8.0.7 - Cross-Site Request Forgery Protection Bypass
CVSS 8.8
CVE-2015-10116 MEDIUM
RealFaviconGenerator Favicon Plugin <1.2.12 - CSRF
CVSS 4.3
Details
Vulnerabilities 9,385
Exploit Likelihood Medium