CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,390 vulnerabilities with CWE-352
CVE-2013-2709
FourSquare Checkins < 1.3 - Cross-Site Request Forgery
CVE-2013-2696
All in One Webmaster < 8.2.4 - Cross-Site Request Forgery
CVE-2013-3269
Cybozu Office <8.1.6, <9.3.0 - CSRF
CVE-2013-2305
Cybozu Office < 8.1.6 and 9.x < 9.3.0, Cybozu Dezie < 8.0.7, and Cybozu Mailwise < 5.0.4 - Cross-Site Request Forgery
CVE-2013-1088
Novell iManager < 2.7 SP6 Patch 1 - Cross-Site Request Forgery
CVE-2013-2697
WP-DownloadManager < 1.61 - Cross-Site Request Forgery
CVE-2013-2778
PHP Address Book 8.2.5 - Cross-Site Request Forgery via Delete User Endpoint
CVE-2013-2762
Schneider Electric Magelis XBT - Auth Bypass
CVE-2013-0663
Schneider Electric Modicon Quantum, M340, and Premium PLC - Cross-Site Request Forgery
CVE-2013-0532
IBM Security AppScan Enterprise 5.6 and 8.x < 8.7 - Cross-Site Request Forgery
CVE-2013-0452
IBM Software Use Analysis < 1.3.3 - Cross-Site Request Forgery via Flash AMF Messages
CVE-2013-0320
Taxonomy Manager 6.x-2.x < 6.x-2.2 and 7.x-1.x < 7.x-1.0-rc1 - Cross-Site Request Forgery
CVE-2013-0489
IBM Lotus Domino 8.5.x - Authenticated Cross-Site Request Forgery in Web Administrator Client
CVE-2013-0126
Verizon FIOS Actiontec MI424WR-GEN3I Router Firmware 40.19.36 - Cross-Site Request Forgery via index.cgi
CVE-2013-0717
NEC AtermWR and AtermWM Routers - Cross-Site Request Forgery
CVE-2013-0328
Jenkins < 1.502 and LTS < 1.480.3 - Cross-Site Scripting
CVE-2013-0327
Jenkins < 1.502 and LTS < 1.480.3 - Cross-Site Request Forgery
CVE-2013-0207
Mark Complete 7.x-1.x - Cross-Site Request Forgery
CVE-2013-0205
RESTful Web Services 7.x-1.x < 7.x-1.2 and 7.x-2.x < 7.x-2.0-alpha4 - Cross-Site Request Forgery
CVE-2013-1468
Piwigo < 2.4.7 - Cross-Site Request Forgery via LocalFiles Editor Plugin
CVE-2013-1153
Cisco Prime Infrastructure - Cross-Site Request Forgery
CVE-2013-1128
Cisco Unified MeetingPlace <7.1.2.2000 - CSRF
CVE-2013-1639
Opera < 12.13 - Cross-Site Request Forgery via CORS Preflight Bypass
CVE-2013-1120
Cisco Unity Express Software < 8.0 - Cross-Site Request Forgery
CVE-2013-0214
Samba 3.x < 3.5.21, 3.6.x < 3.6.12, 4.x < 4.0.2 - Cross-Site Request Forgery in SWAT
Details
Vulnerabilities 9,390
Exploit Likelihood Medium