CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,386 vulnerabilities with CWE-352
CVE-2014-5346
Disqus Comment System 2.77 - Cross-Site Request Forgery via Plugin Activation/Deactivation or Comment Import/Export
CVE-2014-5333
Adobe AIR < 14.0.0.178 - Cross-Site Request Forgery via Crafted SWF OBJECT Element
CVE-2014-5205
WordPress < 3.9.2 - Cross-Site Request Forgery via Brute-Force Token Bypass
CVE-2014-5204
Debian Linux < 3.9.1 - CSRF
CVE-2014-0969
IBM InfoSphere Master Data Management - Cross-Site Request Forgery in GDS Component
CVE-2014-1546
Bugzilla 3.x-4.0.13, 4.1.x-4.2.9, 4.3.x-4.4.4, 4.5.x-4.5.4 - Cross-Site Request Forgery via JSONP Callback
CVE-2014-5199
WordPress File Upload < 2.4.1 - Cross-Site Request Forgery via Plugin Settings Change
CVE-2014-3854
Pyplate 0.08 - Cross-Site Request Forgery via Title Parameter
CVE-2014-3896
Seeds acmailer <3.8.17, <3.9.10 - CSRF
CVE-2014-2974
Silver Peak VX <= 6.2.4 - Cross-Site Request Forgery in User Account Management
CVE-2014-3305
Cisco WebEx Meetings Server < 1.5(1.131) - Cross-Site Request Forgery
CVE-2014-5100
Omeka < 2.2.1 - Cross-Site Request Forgery
CVE-2014-2369
Omron NS5, NS8, NS10, NS12, NS15 HMI Terminals 8.1xx-8.68x - Authenticated Cross-Site Request Forgery
CVE-2014-4964
Shopizer < 1.1.5 - Cross-Site Request Forgery
CVE-2014-4671
Adobe Flash Player <14.0.0.145 - CSRF
CVE-2014-0864
IBM Algo Credit Limits 4.5.0-4.7.0 - Cross-Site Request Forgery via Crafted XML Document
CVE-2014-4718
Lunar CMS < 3.3 - Cross-Site Request Forgery
CVE-2014-4717
WordPress Simple Share Buttons Adder <4.5 - CSRF
CVE-2014-4716
Thomson TWG87OUIR - Cross-Site Request Forgery via Password Change Form
CVE-2014-3920
Kanboard < 1.0.6 - Cross-Site Request Forgery via Administrative User Addition
CVE-2014-4614
Piwigo < 2.6.2 - Cross-Site Request Forgery via Multiple Admin Methods
CVE-2014-3881
Intercom Web Kyukincho 3.x - Cross-Site Request Forgery
CVE-2014-4030
JW Player for Flash & HTML5 Video Plugin < 2.1.4 - Cross-Site Request Forgery via Player Deletion
CVE-2014-3882
Login rebuilder < 1.2.0 - Cross-Site Request Forgery
CVE-2014-4333
Dolphin < 7.1.4 - Cross-Site Request Forgery via members[] Parameter
Details
Vulnerabilities 9,386
Exploit Likelihood Medium