CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,386 vulnerabilities with CWE-352
CVE-2015-1559
eFront Open Source Edition <3.6.15.3 - CSRF
CVE-2015-1432
phpBB < 3.0.12 - Cross-Site Request Forgery in Message Options
CVE-2015-1568
Drupal GD Infinite Scroll <7.x-1.4 - CSRF
CVE-2015-0596
Cisco WebEx Meetings Server < 1.5(.1.131) - Cross-Site Request Forgery
CVE-2015-1424
Gecko CMS 2.2-2.3 - Cross-Site Request Forgery via Admin User Creation
CVE-2015-1374
ferretCMS 1.0.4-alpha - Cross-Site Request Forgery in admin.php
CVE-2015-0588
Cisco Unified Communications Domain Manager 10 - Cross-Site Request Forgery
CVE-2015-0920
Banner Effect Header 1.2.6 - Cross-Site Request Forgery via Banner Effect Email Parameter
CVE-2014-125028 MEDIUM
valtech IDP Test Client < 2014-09-25 - Cross-Site Request Forgery
CVSS 4.3
CVE-2014-8942 HIGH
Lexiglot < 2014-11-20 - Cross-Site Request Forgery
CVSS 8.8
CVE-2014-2225 HIGH
Ubiquiti Networks UniFi Controller <3.2.1 - CSRF
CVSS 8.8
CVE-2014-5288 HIGH
Kemp Load Master < 7.1.20b - Cross-Site Request Forgery in Administrative Pages
CVSS 8.8
CVE-2014-2050 MEDIUM
owncloud < 5.0.15 and 6.0.0-6.0.2 - Cross-Site Request Forgery via Host Header
CVSS 6.5
CVE-2014-9382 MEDIUM
Freebox OS Web interface 3.0.2 - CSRF
CVSS 6.5
CVE-2014-5516 MEDIUM
KonaKart < 7.3.0.0 - Cross-Site Request Forgery via GET Request
CVSS 6.5
CVE-2014-3590 MEDIUM
Red Hat Satellite 6 - Cross-Site Request Forgery in Logout Action
CVSS 6.5
CVE-2014-3136 HIGH
D-Link DWR-113 Firmware < 2.03b02 - Cross-Site Request Forgery
CVSS 8.8
CVE-2014-0197 HIGH
Red Hat CloudForms Management Engine 5.0-5.9.3.1 - Cross-Site Request Forgery via Permissive Referrer Header Check
CVSS 8.8
CVE-2014-0026 MEDIUM
Red Hat Subscription Asset Manager - Cross-Site Request Forgery in REST API
CVSS 6.5
CVE-2014-3655 MEDIUM
KeyCloak < 1.0.1 - Cross-Site Request Forgery via Soft Token Deletion
CVSS 4.3
CVE-2014-10382 MEDIUM
featured_comments < 1.2.5 - Cross-Site Request Forgery
CVSS 4.3
CVE-2014-10381 HIGH
user_domain_whitelist < 1.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2014-7198 HIGH
OMERO < 5.0.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2014-6046 HIGH
phpmyfaq < 2.8.13 - Cross-Site Request Forgery
CVSS 8.8
CVE-2014-0594 HIGH
Open Build Service < 2.4.6 - Cross-Site Request Forgery
CVSS 8.8
Details
Vulnerabilities 9,386
Exploit Likelihood Medium