CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,390 vulnerabilities with CWE-352
CVE-2013-1734
Bugzilla 2.x-4.0.10, 4.1.x-4.2.6, 4.3.x-4.4.0 - Cross-Site Request Forgery via Attachment Update Action
CVE-2013-1733
Bugzilla 4.4.x < 4.4.1 - Cross-Site Request Forgery via Midair-Collision Token
CVE-2013-4689
Juniper Junos Multiple Versions - Cross-Site Request Forgery
CVE-2013-4056
IBM InfoSphere Information Server 8.7-9.1.2.0 - CSRF in Data Quality Console and Information Analyzer
CVE-2013-4306
MediaWiki 1.19.0-1.19.7 - Cross-Site Request Forgery in CheckUser Extension
CVE-2013-0580
IBM Data Growth Solution <9.1 - CSRF
CVE-2013-0736
Mingle Forum < 1.0.34 - Cross-Site Request Forgery
CVE-2013-3540
AirLive OD-2025HD OD-2060HD POE100HD POE200HD POE250HD POE2600HD - Cross-Site Request Forgery in User Group Management
CVE-2013-3963
Grandstream GXV Device Firmware - Cross-Site Request Forgery in User Management
CVE-2013-3690
Brickcom 100Ap Device Firmware <= 3.1.0.8 - Cross-Site Request Forgery in User Management
CVE-2013-3539
Ovislink Airlive Wl2600cam - CSRF
CVE-2013-0598
IBM Rational ClearQuest <7.1.2.12, <8.0.0.8, <8.0.1.1 - CSRF
CVE-2013-5937
Click2Sell Suite module 6.x-1.x - Cross-Site Request Forgery via Drupal Form API
CVE-2013-5696
GLPI < 0.84.2 - Cross-Site Request Forgery and SQL Injection via Install Script
CVE-2013-5494
Cisco Unified MeetingPlace - Cross-Site Request Forgery
CVE-2013-5672
IndiaNIC Testimonial Plugin 2.2 - Cross-Site Request Forgery via Admin Actions
CVE-2013-5708
Coursemill Learning Management System 6.8 - Cross-Site Request Forgery via Time-Based Token Prediction
CVE-2013-3605
Coursemill Learning Management System 6.6 - Cross-Site Request Forgery via Cookie Manipulation
CVE-2013-5471
Cisco Global Site Selector - Cross-Site Request Forgery
CVE-2013-3479
ShareThis < 7.0.6 - Cross-Site Request Forgery
CVE-2013-3472
Cisco Unified Communications Manager - Cross-Site Request Forgery in Enterprise License Manager
CVE-2013-3583
Corporater EPM Suite - Cross-Site Request Forgery via saveProperties.html
CVE-2013-3029
IBM WebSphere Application Server <8.5.5.1 - CSRF
CVE-2013-5316
RiteCMS 1.0.0 - Cross-Site Request Forgery via Administrator Password Change
CVE-2013-5313
BigTree CMS < 4.0 - Cross-Site Request Forgery via User Update Endpoint
Details
Vulnerabilities 9,390
Exploit Likelihood Medium