CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,389 vulnerabilities with CWE-352
CVE-2014-0831
IBM Financial Transaction Manager < 2.0.0.3 - Cross-Site Request Forgery in OAC Component
CVE-2014-0835
IBM QRadar Security Information and Event Manager < 7.2.0 - Cross-Site Request Forgery
CVE-2014-0010
Moodle < 2.2.11, 2.3.x < 2.3.11, 2.4.x < 2.4.8, 2.5.x < 2.5.4, 2.6.x < 2.6.1 - Cross-Site Request Forgery
CVE-2014-1211
VMware vCloud Director 5.1.x - Cross-Site Request Forgery via Logout Request
CVE-2014-1473
McAfee Vulnerability Manager <= 7.5.5 - Cross-Site Request Forgery in Enterprise Manager
CVE-2014-0621
Technicolor TC7200 STD6.01.12 - Cross-Site Request Forgery via Multiple Endpoints
CVE-2013-10029 MEDIUM
WordPress Exit Box Lite Plugin <= 1.06 - Cross-Site Request Forgery in exitboxadmin Function
CVSS 4.3
CVE-2013-10027 MEDIUM
Blogger Importer Plugin <0.6 - CSRF
CVSS 4.3
CVE-2013-10025 MEDIUM
Exit Strategy Plugin 1.55 - Cross-Site Request Forgery in exitpageadmin Function
CVSS 4.3
CVE-2013-4227 HIGH
Mozilla Persona 7.x-1.0-7.x-1.10 - Cross-Site Request Forgery via Non-String Security Token
CVSS 8.8
CVE-2013-4792 MEDIUM
PrestaShop < 1.4.11 - Cross-Site Request Forgery via Logout Action
CVSS 5.5
CVE-2013-2109 HIGH
wp_cleanfix - Remote Code Execution
CVSS 8.8
CVE-2013-2108 MEDIUM
WordPress WP Cleanfix Plugin 2.4.4 - Cross-Site Request Forgery
CVSS 5.4
CVE-2013-3568 HIGH
Cisco Linksys WRT110 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2013-7053 HIGH
D-Link DIR-100 Firmware 4.03B07 - Cross-Site Request Forgery via cli.cgi
CVSS 8.8
CVE-2013-3093 HIGH
ASUS RT-N56U Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2013-4865 MEDIUM
MiCasaVerde VeraLite <1.5.408 - CSRF
CVSS 6.5
CVE-2013-3935 HIGH
Opsview < 4.4.1 and Opsview Core < 20130522 - Cross-Site Request Forgery
CVSS 8.8
CVE-2013-0196 MEDIUM
OpenShift Enterprise 1.2 - Cross-Site Request Forgery in Web Console
CVSS 6.5
CVE-2013-4665 MEDIUM
SPBAS Business Automation Software 2012 - CSRF
CVSS 6.5
CVE-2013-6811 HIGH
D-Link DSL-6740U Firmware - Cross-Site Request Forgery in Administrator Settings
CVSS 8.8
CVE-2013-3312 HIGH
Loftek Nexus 543 Firmware - Cross-Site Request Forgery via set_users.cgi
CVSS 8.8
CVE-2013-3366 HIGH
TRENDnet TEW-812DRU Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2013-3516 MEDIUM
NETGEAR WNR3500U and WNR3500L - Cross-Site Request Forgery via Predictable Form Tokens
CVSS 6.5
CVE-2013-6275 MEDIUM
Horde Groupware < 5.1.2 - Cross-Site Request Forgery in basic.php
CVSS 6.5
Details
Vulnerabilities 9,389
Exploit Likelihood Medium