CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,386 vulnerabilities with CWE-352
CVE-2014-2152
Cisco Prime Infrastructure - Cross-Site Request Forgery via INSERT Page
CVE-2014-9041
ownCloud <5.0.18, <6.0.6, <7.0.3 - CSRF
CVE-2014-9331
ZOHO ManageEngine Desktop Central <9 - CSRF
CVE-2014-7270
ASUS RT-AC87U, RT-AC68U, RT-AC56S, RT-N66U, RT-N56U Firmware - Cross-Site Request Forgery
CVE-2014-9587
Roundcube Webmail < 1.0.3 - Cross-Site Request Forgery in Address Book and Plugin Operations
CVE-2014-7957
Pods < 2.4.3 - Cross-Site Request Forgery
CVE-2014-8638
Mozilla Firefox <35.0, ESR 31.x <31.4, Thunderbird <31.4, SeaMonkey...
CVE-2014-100025
Savsoft Quiz - Cross-Site Request Forgery in User Data Insertion
CVE-2014-10027
D-Link DAP-1360 Firmware < 2.5.4 - Cross-Site Request Forgery via MAC Filter Management
CVE-2014-10025
D-Link DAP-1360 Firmware < 2.5.4 - Cross-Site Request Forgery via index.cgi
CVE-2014-10019
Teracom T2-B-Gawv1.4U10Y-BI - Cross-Site Request Forgery in WLAN Country Settings
CVE-2014-10014
PHPJabbers Event Booking Calendar 2.0 - Cross-Site Request Forgery
CVE-2014-10008
Stark CRM 1.0 - Cross-Site Request Forgery in Admin Page
CVE-2014-10006
Maian Uploader 4.0 - Cross-Site Request Forgery via Width Parameter
CVE-2014-10001
PHPJabbers Appointment Scheduler 2.0 - Cross-Site Request Forgery
CVE-2014-100005 HIGH KEV
D-Link DIR-600 Firmware < 2.16ww - Cross-Site Request Forgery via hedwig.cgi, pigwidgeon.cgi, or diagnostic.php
CVSS 8.0
CVE-2014-100001
SEO Plugin LiveOptim < 1.1.4-free - Cross-Site Request Forgery
CVE-2014-2838
GD Star Rating 19.22 - Cross-Site Request Forgery and SQL Injection via Stats Page
CVE-2014-9510
TP-Link TL-WR840N V1 Firmware - Cross-Site Request Forgery via Configuration File Import
CVE-2014-8031
Cisco WebEx Meetings Server - Cross-Site Request Forgery
CVE-2014-4636
EMC Documentum WDK < 6.7 - Cross-Site Request Forgery
CVE-2014-9525
Timed Popup 1.3 - Cross-Site Request Forgery via Plugin Settings
CVE-2014-9524
Facebook Like Box < 2.8.2 - Cross-Site Request Forgery and Cross-Site Scripting
CVE-2014-9523
WordPress Our Team Showcase <1.3 - CSRF
CVE-2014-2598
WordPress Quick Page/Post Redirect <5.0.5 - CSRF
Details
Vulnerabilities 9,386
Exploit Likelihood Medium