CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,386 vulnerabilities with CWE-352
CVE-2015-0705
Cisco Unified MeetingPlace 8.6(1.9) - Cross-Site Request Forgery via SOAP API Endpoints
CVE-2015-0704
Cisco Unified MeetingPlace 8.6(1.9) - Cross-Site Request Forgery in API Features
CVE-2015-3388
Commerce Balanced Payments < 7.x-1.2 - Cross-Site Request Forgery via Bank Account Deletion
CVE-2015-3382
Node basket < 7.x-1.0-rc2 - Cross-Site Request Forgery via Add/Remove Node Actions
CVE-2015-3380
Feature Set module for Drupal < 7.x-1.0-beta1 - Cross-Site Request Forgery
CVE-2015-3375
Shibboleth Authentication <6.x-4.1, 7.x-4.x - CSRF
CVE-2015-3374
Corner module for Drupal - Cross-Site Request Forgery via Corner Enable/Disable Actions
CVE-2015-3370
Node Invite < 6.x-2.3 - Cross-Site Request Forgery via Re-enable Invitation Request
CVE-2015-3367
Patterns < 7.x-2.1 - Cross-Site Request Forgery via Pattern Management Actions
CVE-2015-3366
Alfresco < 6.x-1.2 - Cross-Site Request Forgery via Node Deletion
CVE-2015-3363
Contact Form Fields < 6.x-2.2 - Cross-Site Request Forgery via Field Deletion
CVE-2015-3356
Tadaa! < 7.x-1.3 - Cross-Site Request Forgery via Module Enable/Disable and Variable Change
CVE-2015-3355
Batch Jobs < 7.x-1.1 - Cross-Site Request Forgery via Batch Job Deletion or Task Execution
CVE-2015-3354
Wishlist < 6.x-2.6 and 7.x-2.x - Cross-Site Request Forgery
CVE-2015-3352
Drupal Jammer module <6.x-1.8 & 7.x-1.4 - CSRF
CVE-2015-3351
Log Watcher module < 6.x-1.x-dev - Cross-Site Request Forgery
CVE-2015-3350
Drupal Todo Filter <6.x-1.1, 7.x-1.1 - CSRF
CVE-2015-3349
htaccess_project htaccess < 7.x-2.2 - Cross-Site Request Forgery via .htaccess File Deployment or Deletion
CVE-2015-3347
Cloudwords for Multilingual Drupal <7.x-2.3 - CSRF
CVE-2015-3343
OPAC module < 7.x-2.3 - Cross-Site Request Forgery
CVE-2015-0970 HIGH
SearchBlox < 8.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2015-0700
Cisco Secure Access Control Server Solution Engine - Cross-Site Request Forgery in Dashboard Page
CVE-2015-2940
MediaWiki CheckUser Extension - Cross-Site Request Forgery
CVE-2015-2295
pfSense < 2.2 - Cross-Site Request Forgery via system_firmware_restorefullbackup.php deletefile Parameter
CVE-2015-0905
bBlog - Cross-Site Request Forgery
Details
Vulnerabilities 9,386
Exploit Likelihood Medium