CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,385 vulnerabilities with CWE-352
CVE-2015-7563 HIGH
TeamPass < 2.1.24.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-8255 HIGH
AXIS Communications Firmware - Cross-Site Request Forgery via admin/pwdgrp.cgi vaconfig.cgi and admin/local_del.cgi
CVSS 8.8
CVE-2015-8624 HIGH
MediaWiki < 1.23.12, 1.24.x < 1.24.5, 1.25.x < 1.25.4, 1.26.x < 1.26.1 - Cross-Site Request Forgery via Timing Attack
CVSS 8.8
CVE-2015-8623 HIGH
MediaWiki < 1.23.12 and 1.24.x < 1.24.5 - Cross-Site Request Forgery via Timing Attack
CVSS 8.8
CVE-2015-8814 HIGH
Umbraco < 7.4.0 - Cross-Site Request Forgery via templates.asmx.cs
CVSS 8.8
CVE-2015-4593 HIGH
eClinicalWorks Population Health - Cross-Site Request Forgery in portalUserService.jsp
CVSS 8.8
CVE-2015-6541 HIGH
Zimbra Collaboration Server < 8.5 - Cross-Site Request Forgery via SOAP BatchRequest
CVSS 8.8
CVE-2015-8152 HIGH
Symantec Endpoint Protection Manager < 12.1 RU6-MP4 - Authenticated Remote Code Execution via CSRF
CVSS 8.0
CVE-2015-7446 HIGH
IBM Flash System V9000 <7.4.1.4-7.6.0.4 - CSRF
CVSS 8.8
CVE-2015-5351 HIGH
Apache Tomcat <7.0.68, <8.0.31, <9.0.0.M2 - CSRF
CVSS 8.8
CVE-2015-5338 HIGH
Moodle < 2.6.11, 2.7.x < 2.7.11, 2.8.x < 2.8.9, 2.9.x < 2.9.3 - Cross-Site Request Forgery in Lesson Module
CVSS 8.8
CVE-2015-5335 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.11, 2.8.x < 2.8.9, 2.9.x < 2.9.3 - Cross-Site Request Forgery via Registration Hub URL
CVSS 4.3
CVE-2015-5050 HIGH
IBM Emptoris Contract Management 9.5.0.x-10.0.4.x - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-7678 HIGH
Ipswitch MOVEit Mobile <1.2.0.962 - CSRF
CVSS 8.8
CVE-2015-7537 HIGH
Jenkins <1.640-1.625.2 - CSRF
CVSS 8.8
CVE-2015-8379 HIGH
CakePHP 2.x and 3.x < 3.1.5 - Cross-Site Request Forgery Bypass via _method Parameter
CVSS 8.8
CVE-2015-5007 HIGH
IBM WebSphere Commerce 6.0-6.0.0.11, 7.0-7.0.0.9, 7.0 Feature Pack 8 - Authenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2015-3946 HIGH
Advantech WebAccess < 8.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-7465 HIGH
IBM Jazz Reporting Service <6.0.0-Rational-CLM-ifix005 - CSRF
CVSS 8.8
CVE-2015-5445 HIGH
HP StoreOnce Backup System Software < 3.13.0 - Authenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2015-5037 MEDIUM
IBM Connections < 3.0.1.1 - Authenticated Cross-Site Request Forgery
CVSS 5.4
CVE-2015-7407 HIGH
IBM Mashup Center 3.0.0.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-5990 HIGH
Zyxel GS1900-10HP Firmware < 2.50(aazi.0)c0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-7284 HIGH
ZyXEL NBG-418N 1.00(AADZ.3)C0 - Cross-Site Request Forgery
CVSS 8.0
CVE-2015-7281 HIGH
ReadyNet WRT300N-DD Firmware 1.0.26 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,385
Exploit Likelihood Medium