CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,390 vulnerabilities with CWE-352
CVE-2013-4881
BigTree CMS < 4.0 - Cross-Site Request Forgery via User Creation
CVE-2013-3253
Xhanch My Twitter < 2.7.7 - Cross-Site Request Forgery in Admin Settings
CVE-2013-3256
Shareaholic SexyBookmarks 6.1.4.0 - CSRF
CVE-2013-3992
IBM InfoSphere BigInsights 2.0-2.1 - Authenticated Cross-Site Request Forgery
CVE-2013-3450
Cisco Unified Communications Manager - Cross-Site Request Forgery via User WebDialer Page
CVE-2013-3451
Cisco Unified Communications Manager - Cross-Site Request Forgery
CVE-2013-4911
Siemens WinCC (TIA Portal) 11-12 - Cross-Site Request Forgery
CVE-2013-4671
Symantec Web Gateway < 5.1.1 - Authenticated Cross-Site Request Forgery
CVE-2013-4871
tq_seo < 5.0.0 - Cross-Site Request Forgery
CVE-2013-3420
Cisco Identity Services Engine - Cross-Site Request Forgery
CVE-2013-3491
Sharebar 1.2.5 - Cross-Site Request Forgery
CVE-2013-3424
Cisco Secure Access Control System - Cross-Site Request Forgery in Administration and View Pages
CVE-2013-2704
Dropdown Menu Widget 1.9.1 - Cross-Site Request Forgery
CVE-2013-1414
FortiOS < 4.3.13 and 5.x < 5.0.2 - Cross-Site Request Forgery
CVE-2013-3395
Cisco Content Security Management Appliance - Cross-Site Request Forgery
CVE-2013-2158
Services module 6.x-3.x and 7.x-3.x < 7.x-3.4 - Cross-Site Request Forgery
CVE-2013-3397
Cisco Unified Communications Manager - Cross-Site Request Forgery in Unified Serviceability
CVE-2013-3392
Cisco WebEx Social - Cross-Site Request Forgery
CVE-2013-3250
WP Maintenance Mode Plugin < 1.8.8 - Cross-Site Request Forgery
CVE-2013-2980
IBM Data Studio 3.1.0 and 3.1.1 - Cross-Site Request Forgery
CVE-2013-0144
QNAP VioStor NVR 4.0.3 - Cross-Site Request Forgery via User Creation
CVE-2013-2707
WordPress Login With Ajax <3.1 - CSRF
CVE-2013-3513
GroundWork Monitor Enterprise 6.7.0 - Cross-Site Request Forgery in Noma Component
CVE-2013-2703
crunchify facebook_members < 5.0.4 - Cross-Site Request Forgery
CVE-2013-2702
WordPress Easy AdSense Lite <6.10 - CSRF
Details
Vulnerabilities 9,390
Exploit Likelihood Medium