CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,386 vulnerabilities with CWE-352
CVE-2014-5217
NetIQ Access Manager 4.x < 4.1 - Cross-Site Request Forgery via Administration Console
CVE-2014-9407
Revive Adserver < 3.0.4 - Cross-Site Request Forgery via Admin Endpoints
CVE-2014-9368
twitterdash < 2.1 - Cross-Site Request Forgery via username_twitterDash Parameter
CVE-2014-9341
yURL ReTwitt < 1.4 - Cross-Site Request Forgery via yurl_login or yurl_anchor Parameter
CVE-2014-9340
wpCommentTwit < 0.5 - Cross-Site Request Forgery via Username or Password Parameter
CVE-2014-9339
SPNbabble 1.4.1 - Cross-Site Request Forgery via Username or Password Parameter
CVE-2014-9338
O2Tweet < 0.0.4 - Cross-Site Request Forgery via o2t_username or o2t_tags Parameter
CVE-2014-9337
Mikiurl Wordpress Eklentisi <2.0 - CSRF
CVE-2014-9336
iTwitter < 0.04 - Cross-Site Request Forgery via iTwitter.php Parameters
CVE-2014-9335
WordPress DandyID Services <1.5.9 - CSRF
CVE-2014-6077
IBM Security Access Manager for Web 7.x < 7.0.0 FP10 and 8.x < 8.0.1 - Cross-Site Request Forgery
CVE-2014-5437
ARRIS Touchstone TG862G/CT Firmware < 7.6.59s.ct - Cross-Site Request Forgery
CVE-2014-8246
CA Release Automation < 4.7.1 - Cross-Site Request Forgery
CVE-2014-9385
Zenoss Core through 5 Beta 3 - Cross-Site Request Forgery via ZenPack Upload
CVE-2014-6253
Zenoss Core < 5.0.0 - Cross-Site Request Forgery
CVE-2014-3058
IBM WebSphere DataPower XC10 Appliance 2.1 and 2.5 - Authenticated Cross-Site Request Forgery
CVE-2014-7809
Apache Struts 2.0.0-2.3.x - Cross-Site Request Forgery via Predictable Token Values
CVE-2014-9344
Snowfox CMS < 1.0 - Cross-Site Request Forgery via Admin Account Creation
CVE-2014-9300
Alfresco < 5.0.a - Cross-Site Request Forgery via CMIS Browser Servlet URL Parameter
CVE-2014-9129
CM Download Manager < 2.0.6 - Cross-Site Request Forgery via Addons Title Parameter
CVE-2014-8773
MODX Revolution <2.2.15 - CSRF Bypass
CVE-2014-8771
X3 CMS 0.5.1 and 0.5.1.1 - Cross-Site Request Forgery in Admin Area
CVE-2014-8429
xEpan CMS <= 1.0.4.1 - Cross-Site Request Forgery via Administrative Account Creation
CVE-2014-4829
IBM Security QRadar SIEM/QRadar Risk Mgr <7.1 MR2-7.2.4 Patch 1 - CSRF
CVE-2014-9104
OpenVPN Access Server <1.5.6 - CSRF
Details
Vulnerabilities 9,386
Exploit Likelihood Medium