CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,386 vulnerabilities with CWE-352
CVE-2015-2838
Citrix NetScaler - Cross-Site Request Forgery via Nitro API
CVE-2015-2755
AB Google Map Travel < 3.4 - Cross-Site Request Forgery via Map Configuration Parameters
CVE-2015-0807
Firefox < 37.0 and Firefox ESR < 31.6 - Cross-Site Request Forgery via navigator.sendBeacon Redirect Handling
CVE-2015-0985
XZERES 442SR OS - Cross-Site Request Forgery via Password Change GET Request
CVE-2015-2770
Websense V-Series Appliances < 7.7 - Cross-Site Request Forgery
CVE-2015-2769
Websense TRITON AP-EMAIL < 7.8.3 - Cross-Site Request Forgery in Personal Email Manager
CVE-2015-2759
McAfee Data Loss Prevention Endpoint < 9.3.400 - Cross-Site Request Forgery
CVE-2015-2701
CS-Cart 4.2.4 - Cross-Site Request Forgery via Password Change Request
CVE-2015-2680
GeniXCMS < 0.0.2 - Cross-Site Request Forgery via Administrator Account Addition
CVE-2015-2676
ASUS RT-G32 Firmware 2.0.2.6 and 2.0.3.2 - Cross-Site Request Forgery via start_apply.htm
CVE-2015-2350
MikroTik RouterOS < 5.0 - Cross-Site Request Forgery via Status Page
CVE-2015-2334
MyBB < 1.8.4 - Cross-Site Request Forgery in Admin Control Panel Login
CVE-2015-2293
WordPress SEO by Yoast < 1.5.7, 1.6.x < 1.6.4, 1.7.x < 1.7.4 - Cross-Site Request Forgery
CVE-2015-1874
Contact Form DB < 2.8.32 - Cross-Site Request Forgery via CF7DBPluginSubmissions Page
CVE-2015-0895
All In One WP Security & Firewall < 3.9.0 - Cross-Site Request Forgery
CVE-2015-0651
Cisco Application Networking Manager - Cross-Site Request Forgery
CVE-2015-2089
CrossSlide jQuery Plugin 2.0.5 - Cross-Site Request Forgery via Plugin Settings
CVE-2015-2084
Easy Social Icons < 1.2.2 - Cross-Site Request Forgery via Image File Parameter
CVE-2015-2083
Ilch CMS - Cross-Site Request Forgery via Profile Field Addition
CVE-2015-2048
D-Link DCS-931L Firmware < 1.04 - Cross-Site Request Forgery
CVE-2015-2039
Acobot Live Chat & Contact Form 2.0 - Cross-Site Request Forgery
CVE-2015-1614
WordPress Image Metadata Cruncher - CSRF
CVE-2015-1585
Fat Free CRM < 0.13.6 - Cross-Site Request Forgery via Missing Authenticity Token
CVE-2015-1581
Mobile Domain plugin 1.5.2 for WordPress - CSRF
CVE-2015-1580
Redirection Page 1.2 - Cross-Site Request Forgery and Cross-Site Scripting via Source and Redir Parameters
Details
Vulnerabilities
9,386
Exploit Likelihood
Medium