CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,389 vulnerabilities with CWE-352
CVE-2013-6976
Cisco EPC3925 - Cross-Site Request Forgery via Quick Setup Password Change
CVE-2013-6883
CRU Ditto Forensic FieldStation Firmware < 2013Oct15a - Cross-Site Request Forgery
CVE-2013-6192
HP Operations Orchestration < 9 - Cross-Site Request Forgery
CVE-2013-6710
Cisco WebEx Training Center - Cross-Site Request Forgery
CVE-2013-4000
IBM Cognos Command Center < 10.2 - Cross-Site Request Forgery
CVE-2013-2752
NETGEAR ReadyNAS <4.1.12, <4.2.x - CSRF
CVE-2013-7043
Cisco Scientific Atlanta DPR2320R2 Firmware 2.0.2r1262-090417 - Cross-Site Request Forgery via Multiple Endpoints
CVE-2013-5355
Sharetronix 3.1.1 - Cross-Site Request Forgery
CVE-2013-6852
HP 2620-24-PoE+ Switch - Cross-Site Request Forgery via setPassword Method
CVE-2013-6173
EMC Document Sciences xPression 4.1 SP1-4.5 - Cross-Site Request Forgery in xAdmin and xDashboard
CVE-2013-5993
LOCKON EC-CUBE 2.11.0-2.13.0 - Cross-Site Request Forgery
CVE-2013-6826
FortiAnalyzer < 5.0.5 - Cross-Site Request Forgery via csrf_token Parameter
CVE-2013-5730
D-Link DSL-2740B Firmware EU_1.00 - Cross-Site Request Forgery via Wireless MAC Filter, Firewall, or Remote Management
CVE-2013-3095
D-Link DIR865L Firmware < 1.05b07 - Cross-Site Request Forgery via hedwig.cgi or pigwidgeon.cgi
CVE-2013-6797
Blue Wrench Video Widget < 2.0.0 - Cross-Site Request Forgery via bw_url Parameter
CVE-2013-3694
BlackBerry Link < 1.2.1.31 (Windows) & < 1.1.1.39 (Mac OS X) - Arbitrary File Read/Write via IPv6 WebDAV
CVE-2013-4555
SPIP < 2.1.24 - Cross-Site Request Forgery via Logout Action
CVE-2013-6357
Apache Tomcat < 5.5.25 - Cross-Site Request Forgery via Manager Application
CVE-2013-5726
Tweetbot - Cross-Site Request Forgery via tweetbot:///follow/ URL
CVE-2013-4050
IBM Lotus Domino 8.5 and 9.0 - Authenticated Cross-Site Request Forgery
CVE-2013-6346
Novell ZENworks Configuration Management < 11.2.4 - Cross-Site Request Forgery
CVE-2013-5977
Cart66 Lite Plugin < 1.5.1.15 - Cross-Site Request Forgery
CVE-2013-2701
Social Sharing Toolkit <2.1.1 - CSRF
CVE-2013-6018
Tyler Technologies TaxWeb 3.13.3.1 - Cross-Site Request Forgery in login.jsp
CVE-2013-1734
Bugzilla 2.x-4.0.10, 4.1.x-4.2.6, 4.3.x-4.4.0 - Cross-Site Request Forgery via Attachment Update Action
Details
Vulnerabilities 9,389
Exploit Likelihood Medium