CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,390 vulnerabilities with CWE-352
CVE-2013-0460
IBM WebSphere Application Server 6.1-7.0 - Cross-Site Request Forgery in Administrative Console Portlet
CVE-2013-1109
Cisco WebEx Training Center - Cross-Site Request Forgery via testingLibraryAction.do
CVE-2012-10017 MEDIUM
BestWebSoft Portfolio Plugin <2.06 - CSRF
CVSS 4.3
CVE-2012-10015 MEDIUM
BestWebSoft Twitter Plugin <2.14 - CSRF
CVSS 4.3
CVE-2012-10012 MEDIUM
BestWebSoft Facebook Like Button <2.13 - CSRF
CVSS 4.3
CVE-2012-10010 MEDIUM
BestWebSoft Contact Form <3.22 - CSRF
CVSS 4.3
CVE-2012-2629 HIGH
Axous < 1.1.1 - Cross-Site Request Forgery and Cross-Site Scripting
CVSS 8.8
CVE-2012-6721 MEDIUM
SocialEngine < 4.2.4 - Cross-Site Request Forgery in Forum, Event, and Classifieds Plugins
CVSS 6.3
CVE-2012-6297 HIGH
DD-WRT 24-sp2 - Command Injection via CSRF
CVSS 8.8
CVE-2012-2079 HIGH
Drupal Activity module 6.x-1.x - Cross-Site Request Forgery
CVSS 8.8
CVE-2012-4385 MEDIUM
LetoDMS 3.3.6 - Cross-Site Request Forgery via Change Password
CVSS 6.5
CVE-2012-0699 HIGH
Family Connections CMS < 2.9.0 - Cross-Site Request Forgery via News or Prayer Add Action
CVSS 8.8
CVE-2012-4568 HIGH
LetoDMS < 3.3.7 - Cross-Site Request Forgery
CVSS 8.8
CVE-2012-1978
Simple PHP Agenda < 2.2.8 - Cross-Site Request Forgery via Admin and Event Management
CVE-2012-4902
Template CMS < 2.1.1 - Cross-Site Request Forgery via Admin User Creation or Theme Editor
CVE-2012-6691
oscmax < 2.5.1 - Cross-Site Request Forgery in Admin Panel
CVE-2012-2930
TinyWebGallery < 1.8.8 - Cross-Site Request Forgery via Admin User Management
CVE-2012-1415
DFLabs PTK < 1.0.5 - Cross-Site Request Forgery in Logout Function
CVE-2012-1203
SyndeoCMS < 3.0.00 - Cross-Site Request Forgery via User Account Creation
CVE-2012-5500
Plone < 4.2.3 - Cross-Site Request Forgery via Batch ID Change Script
CVE-2012-5695
Bulb Security Smartphone Pentest Framework 0.1.2-0.1.4 - Cross-Site Request Forgery
CVE-2012-5701
dotproject < 2.1.7 - Authenticated SQL Injection via Multiple Parameters
CVE-2012-5683
ZPanel < 10.0.1 - Cross-Site Request Forgery via FTP User Creation
CVE-2012-6342
Atlassian Confluence 3.4.6 - Cross-Site Request Forgery via Logout Action
CVE-2012-4921
DVS Custom Notification <1.0.1 - CSRF
Details
Vulnerabilities 9,390
Exploit Likelihood Medium