CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,389 vulnerabilities with CWE-352
CVE-2013-4562
omniauth-facebook 1.4.1-1.5.0 - Cross-Site Request Forgery via State Parameter
CVE-2013-2705
WordPress Simple Paypal Shopping Cart <3.6 - CSRF
CVE-2013-2692
OpenVPN Access Server <1.8.5 - CSRF
CVE-2013-5748
simplerisk < 20130916-001 - Cross-Site Request Forgery via add_project Action
CVE-2013-7259
Neo4J < 2.2.0-M01 - Cross-Site Request Forgery via GremlinPlugin or Console Endpoint
CVE-2013-4726
DDSN Interactive cm3 Acora CMS - CSRF
CVE-2013-5954
Revive Adserver < 3.0.4 and OpenX < 2.8.11 - Cross-Site Request Forgery via Admin Endpoints
CVE-2013-2708
Content Slide 1.4.2 - Cross-Site Request Forgery via Plugin Settings
CVE-2013-2706
Stream Video Player 1.4.0 - Cross-Site Request Forgery
CVE-2013-3252
WP-PostViews < 1.63 - Cross-Site Request Forgery via Options Admin Page
CVE-2013-3251
qTranslate < 2.5.34 - Cross-Site Request Forgery via Plugin Settings
CVE-2013-2699
WordPress underConstruction <1.09 - CSRF
CVE-2013-2693
WP-Print < 2.52 - Cross-Site Request Forgery via Plugin Settings Manipulation
CVE-2013-7352
b2evolution < 4.1.7 - Cross-Site Request Forgery via show_statuses[] Parameter
CVE-2013-4240
HMS Testimonials < 2.0.10 - Cross-Site Request Forgery via Admin Page Actions
CVE-2013-7346
Symphony CMS < 2.3.2 - Cross-Site Request Forgery via SQL Injection in Authors Sort Parameter
CVE-2013-5443
IBM Cognos Express 9.0-10.2.1 - Cross-Site Request Forgery
CVE-2013-4057
IBM InfoSphere Information Server 8.5.x-8.5 FP3, 8.7.x-8.7 FP2, 9.1.x-9.1.2.0 - Cross-Site Request Forgery
CVE-2013-0301
owncloud < 4.0.12 - Cross-Site Request Forgery via Timezone Parameter
CVE-2013-0300
owncloud_server < 4.5.7 - Cross-Site Request Forgery via Calendar View Parameter
CVE-2013-0299
ownCloud < 4.0.12 and 4.5.x < 4.5.7 - Cross-Site Request Forgery via Multiple Endpoints
CVE-2013-4963
Puppet Enterprise < 3.0.1 - Cross-Site Request Forgery
CVE-2013-1399
Puppet Enterprise < 2.7.1 - Cross-Site Request Forgery in Console
CVE-2013-6188
HP System Management Homepage 7.1-7.2.2 - Cross-Site Request Forgery
CVE-2013-3729
Kasseler CMS < 2 - Cross-Site Request Forgery via Admin PHP Parameters
Details
Vulnerabilities 9,389
Exploit Likelihood Medium