CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,386 vulnerabilities with CWE-352
CVE-2014-2559
Twitget < 3.3.1 - Cross-Site Request Forgery via Plugin Options Change
CVE-2014-0570
Adobe ColdFusion 9.0-9.0.2, 10, 11 - Cross-Site Request Forgery
CVE-2014-6409
m/monit < 3.3.2 - Cross-Site Request Forgery via User Update Endpoint
CVE-2014-4510
apt-cacher-ng - Cross-Site Scripting via Crafted URL
CVE-2014-0168
Jolokia < 1.2.1 - Cross-Site Request Forgery via MBeans Method Execution
CVE-2014-6299
mm_forum < 1.9.3 - Cross-Site Request Forgery via Post Creation
CVE-2014-7158
Exinda WAN Optimization Suite 7.0.0 - CSRF
CVE-2014-2641
HP System Management Homepage < 7.4 - Authenticated Cross-Site Request Forgery
CVE-2014-7190
Openfiler 2.99.1 - Cross-Site Request Forgery via System Shutdown/Reboot
CVE-2014-4816
IBM WebSphere Application Server <8.5.5.4 - CSRF
CVE-2014-4865
CacheGuard OS 5.7.7 - Cross-Site Request Forgery in Password Admin Interface
CVE-2014-4785
IBM Initiate Master Data Service <9.5.093013-10.1.093013 - CSRF
CVE-2014-4783
IBM Initiate Master Data Service <9.5.093013-10.1.093013 - CSRF
CVE-2014-3037
IBM Rational Rhapsody Design Manager < 4.0.7 and 5.x < 5.0.1 - Authenticated Cross-Site Request Forgery
CVE-2014-2390
McAfee Network Security Manager < 6.1.15.39 - Cross-Site Request Forgery in User Management Module
CVE-2014-3024
IBM Maximo Asset Management 7.1-7.1.1.12 and 7.5-7.5.0.6 - Authenticated Cross-Site Request Forgery
CVE-2014-3907
MailPoet Newsletters <2.6.11 - CSRF
CVE-2014-3061
IBM Emptoris Spend Analysis 9.5.x-9.5.0.3, 10.0.1.x-10.0.1.2, 10.0.2.x-10.0.2.3 - Cross-Site Request Forgery
CVE-2014-3040
IBM Emptoris Spend Analysis 9.5.x < 9.5.0.4, 10.0.1.x < 10.0.1.3, 10.0.2.x < 10.0.2.4 - Cross-Site Request Forgery
CVE-2014-5335
innovaphone PBX < 10.00 - Cross-Site Request Forgery via CMD0/mod_cmd.xml or PBX0/ADMIN/mod_cmd_login.xml
CVE-2014-2633
HP Service Manager 7.21 and 9.x < 9.34 - Cross-Site Request Forgery
CVE-2014-5241
MediaWiki < 1.19.18, 1.20.x-1.22.x < 1.22.9, 1.23.x < 1.23.2 - Cross-Site Request Forgery via JSONP Callback
CVE-2014-2518
EMC Documentum WDK <6.7SP1 P28, <6.7SP2 P15 - CSRF
CVE-2014-0641
EMC RSA Archer GRC Platform 5.x - Cross-Site Request Forgery
CVE-2014-5347
Disqus Comment System < 2.76 - Cross-Site Request Forgery via Multiple Parameters
Details
Vulnerabilities 9,386
Exploit Likelihood Medium