CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,385 vulnerabilities with CWE-352
CVE-2015-7563
HIGH
TeamPass < 2.1.24.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-8255
HIGH
AXIS Communications Firmware - Cross-Site Request Forgery via admin/pwdgrp.cgi vaconfig.cgi and admin/local_del.cgi
CVSS 8.8
CVE-2015-8624
HIGH
MediaWiki < 1.23.12, 1.24.x < 1.24.5, 1.25.x < 1.25.4, 1.26.x < 1.26.1 - Cross-Site Request Forgery via Timing Attack
CVSS 8.8
CVE-2015-8623
HIGH
MediaWiki < 1.23.12 and 1.24.x < 1.24.5 - Cross-Site Request Forgery via Timing Attack
CVSS 8.8
CVE-2015-8814
HIGH
Umbraco < 7.4.0 - Cross-Site Request Forgery via templates.asmx.cs
CVSS 8.8
CVE-2015-4593
HIGH
eClinicalWorks Population Health - Cross-Site Request Forgery in portalUserService.jsp
CVSS 8.8
CVE-2015-6541
HIGH
Zimbra Collaboration Server < 8.5 - Cross-Site Request Forgery via SOAP BatchRequest
CVSS 8.8
CVE-2015-8152
HIGH
Symantec Endpoint Protection Manager < 12.1 RU6-MP4 - Authenticated Remote Code Execution via CSRF
CVSS 8.0
CVE-2015-7446
HIGH
IBM Flash System V9000 <7.4.1.4-7.6.0.4 - CSRF
CVSS 8.8
CVE-2015-5351
HIGH
Apache Tomcat <7.0.68, <8.0.31, <9.0.0.M2 - CSRF
CVSS 8.8
CVE-2015-5338
HIGH
Moodle < 2.6.11, 2.7.x < 2.7.11, 2.8.x < 2.8.9, 2.9.x < 2.9.3 - Cross-Site Request Forgery in Lesson Module
CVSS 8.8
CVE-2015-5335
MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.11, 2.8.x < 2.8.9, 2.9.x < 2.9.3 - Cross-Site Request Forgery via Registration Hub URL
CVSS 4.3
CVE-2015-5050
HIGH
IBM Emptoris Contract Management 9.5.0.x-10.0.4.x - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-7678
HIGH
Ipswitch MOVEit Mobile <1.2.0.962 - CSRF
CVSS 8.8
CVE-2015-7537
HIGH
Jenkins <1.640-1.625.2 - CSRF
CVSS 8.8
CVE-2015-8379
HIGH
CakePHP 2.x and 3.x < 3.1.5 - Cross-Site Request Forgery Bypass via _method Parameter
CVSS 8.8
CVE-2015-5007
HIGH
IBM WebSphere Commerce 6.0-6.0.0.11, 7.0-7.0.0.9, 7.0 Feature Pack 8 - Authenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2015-3946
HIGH
Advantech WebAccess < 8.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-7465
HIGH
IBM Jazz Reporting Service <6.0.0-Rational-CLM-ifix005 - CSRF
CVSS 8.8
CVE-2015-5445
HIGH
HP StoreOnce Backup System Software < 3.13.0 - Authenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2015-5037
MEDIUM
IBM Connections < 3.0.1.1 - Authenticated Cross-Site Request Forgery
CVSS 5.4
CVE-2015-7407
HIGH
IBM Mashup Center 3.0.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-5990
HIGH
Zyxel GS1900-10HP Firmware < 2.50(aazi.0)c0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-7284
HIGH
ZyXEL NBG-418N 1.00(AADZ.3)C0 - Cross-Site Request Forgery
CVSS 8.0
CVE-2015-7281
HIGH
ReadyNet WRT300N-DD Firmware 1.0.26 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities
9,385
Exploit Likelihood
Medium