CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,385 vulnerabilities with CWE-352
CVE-2015-4630 HIGH
Koha 3.14.00-3.14.15 - Cross-Site Request Forgery via Member Entry or Flag Endpoints
CVSS 8.0
CVE-2015-7610 HIGH
Zimbra Collaboration Suite <8.6.0-8.7.11-8.8.8 - CSRF
CVSS 8.8
CVE-2015-0151 HIGH
D-Link DIR-815 Firmware < 2.07.b01 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-2009 HIGH
IBM QRadar SIEM 7.2.0-7.2.4 - Cross-Site Request Forgery via xmlrpc.cgi
CVSS 8.8
CVE-2015-4179 HIGH
Codestyling Localization < 1.99.30 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-5170 HIGH
Cloud Foundry Runtime cf-release < 216 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-2878 HIGH
Hexis HawkEye G 3.0.1.4912 - Cross-Site Request Forgery via Multiple Endpoints
CVSS 8.8
CVE-2015-7715 HIGH
Realtyna RPL < 8.9.5 - Cross-Site Request Forgery via add_user Action
CVSS 8.8
CVE-2015-2143 HIGH
phpBugTracker < 1.6.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-2142 HIGH
phpBugTracker < 1.6.0 - Authenticated Cross-Site Request Forgery via Multiple Parameters
CVSS 8.0
CVE-2015-9233 HIGH
CP Contact Form with PayPal < 1.1.6 - Cross-Site Request Forgery with Resultant Cross-Site Scripting
CVSS 8.8
CVE-2015-7293 HIGH
Plone - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-5182 HIGH
Redhat Amq - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-0276 HIGH
Kallithea < 0.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-5395 HIGH
SOGo <3.1.0 - CSRF
CVSS 8.8
CVE-2015-5607 HIGH
IPython 2-3 - Cross-Site Request Forgery in REST API
CVSS 8.8
CVE-2015-4089 HIGH
WP Fastest Cache < 0.8.3.5 - Cross-Site Request Forgery via optionsPageRequest
CVSS 8.8
CVE-2015-4697 HIGH
Google Analyticator < 6.4.9.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-4619 HIGH
Spina - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-3655 HIGH
Aruba Networks ClearPass Policy Manager <6.4.7, <6.5.2 - CSRF
CVSS 8.8
CVE-2015-5258 HIGH
springframework-social <1.1.3 - CSRF
CVSS 8.8
CVE-2015-5081 HIGH
django-cms < 3.0.14 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-4639 HIGH
Koha 3.14.x < 3.14.16, 3.16.x < 3.16.12, 3.20.x < 3.20.1 - Cross-Site Scripting via Crafted List Name
CVSS 8.8
CVE-2015-1786 HIGH
Zend Framework 2.3.0-2.3.5 - Cross-Site Request Forgery via Malformed Token Identifiers
CVSS 8.8
CVE-2015-3191 HIGH
Cloud Foundry Runtime <v209 - CSRF
CVSS 8.8
Details
Vulnerabilities 9,385
Exploit Likelihood Medium