CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,386 vulnerabilities with CWE-352
CVE-2015-4350
Spider Catalog for Drupal - Cross-Site Request Forgery
CVE-2015-4349
Spider Contacts for Drupal - Cross-Site Request Forgery via Contact Category Deletion
CVE-2015-2954
Igreks MilkyStep Light < 0.94 and Professional < 1.82 - Cross-Site Request Forgery
CVE-2015-4108
Wing FTP Server < 4.4.6 - Cross-Site Request Forgery via admin_lua_script.html or admin_addadmin.html
CVE-2015-3096
Adobe Flash Player <13.0.0.292,14.x<18.0.0 - Auth Bypass
CVE-2015-1771
Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 - Cross-Site Request Forgery
CVE-2015-4010
Encrypted Contact Form < 1.1 - Cross-Site Request Forgery via iframe_url Parameter
CVE-2015-3624
ektron Content Management System < 9.1 - Cross-Site Request Forgery via Menu Actions Endpoint
CVE-2015-2961
Zoho NetFlow Analyzer <10250 - CSRF
CVE-2015-3950
XZERES 442SR OS - Cross-Site Request Forgery via Default Admin User Selection
CVE-2015-0541
RSA Web Threat Detection < 5.0 - Cross-Site Request Forgery
CVE-2015-0759
Cisco Headend Digital Broadband Delivery System - Cross-Site Request Forgery
CVE-2015-0218
Moodle < 2.5.9 and 2.6.x < 2.6.7 - Cross-Site Request Forgery in Shibboleth Logout
CVE-2015-0213
Moodle < 2.5.9 and 2.6.x < 2.6.7 - Cross-Site Request Forgery in Glossary Module
CVE-2015-2852
Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, SV3800 < 3.8.4 - Cross-Site Request Forgery in WebUI
CVE-2015-3902
phpMyAdmin <4.0.10.10-4.4.6.1 - CSRF
CVE-2015-1894
IBM InfoSphere Optim Workload Replay 2.x - Cross-Site Request Forgery
CVE-2015-0741
Cisco Prime Central for Hosted Collaboration Solution < 10.6(1) - Cross-Site Request Forgery
CVE-2015-3141
Synametrics Technologies Xeams <4.5 Build 5755 - CSRF
CVE-2015-0740
Cisco Unified Intelligence Center 10.6(1) - Cross-Site Request Forgery
CVE-2015-0735
Cisco Unified Customer Voice Portal 10.5(1) - Cross-Site Request Forgery
CVE-2015-0736
Cisco MediaSense 10.5(1) and earlier - Cross-Site Request Forgery
CVE-2015-3986
TheCartPress eCommerce Shopping Cart < 1.3.9 - Cross-Site Request Forgery via tcp_box_path Parameter
CVE-2015-0716
Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) - Cross-Site Request Forgery in CUCReports Page
CVE-2015-2248
SonicWALL Remote Access Firmware < 7.5.1.0-38sv - Cross-Site Request Forgery via Bookmark Creation
Details
Vulnerabilities 9,386
Exploit Likelihood Medium