CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,390 vulnerabilities with CWE-352
CVE-2012-5450
CMS Made Simple < 1.11.2 - Cross-Site Request Forgery via deld Parameter
CVE-2012-4478
Drag & Drop Gallery 6.x - Cross-Site Request Forgery
CVE-2012-6047
x7_chat < 2.0.5.1 - Cross-Site Request Forgery via Admin Panel User Group Addition
CVE-2012-4205
Mozilla Firefox/Thunderbird <17.0, SeaMonkey <2.14 - CSRF via XMLHttpRequest in Sandboxed Add-ons
CVE-2012-4943
Agile FleetCommander & Kiosk <4.08 - CSRF
CVE-2012-4935
Pattern Insight 2.3 - Cross-Site Request Forgery
CVE-2012-5898
SAMEDIA LandShop 0.9.2 - Cross-Site Request Forgery
CVE-2012-5891
DAlbum < 1.44 - Cross-Site Request Forgery in User Management
CVE-2012-4853
IBM WebSphere Application Server <8.5.0.1 - CSRF
CVE-2012-4732
Request Tracker <3.8.15-4.0.8 - CSRF
CVE-2012-4486
boombatower subuser < 6.x-1.7 - Cross-Site Request Forgery via Subuser Switch
CVE-2012-5387
White Label CMS < 1.5.1 - Cross-Site Request Forgery via wlcms_o_developer_name Parameter
CVE-2012-4773
Subrion CMS < 2.2.3 - Cross-Site Request Forgery
CVE-2012-1900
RazorCMS < 1.2.1 - Cross-Site Request Forgery via showcats Action
CVE-2012-4002
GLPI < 0.83.3 - Cross-Site Request Forgery
CVE-2012-5326
iSupport 1.x - Cross-Site Request Forgery via Administrator Account Addition
CVE-2012-5323
Xavi X7968 - Cross-Site Request Forgery via Password Change Form
CVE-2012-5320
Sagem F@ST 2604 - Cross-Site Request Forgery via sysPassword Parameter
CVE-2012-5319
D-Link DCS-2000, DCS-5300, and DCS-900 - Cross-Site Request Forgery via rootpass Parameter
CVE-2012-1416
SocialCMS 1.0.2 - Cross-Site Request Forgery in Administrator Account Management
CVE-2012-1308
D-Link DSL-2640B Firmware EU_4.00 - Cross-Site Request Forgery via sysPassword Parameter
CVE-2012-5308
IBM Lotus Notes Traveler <8.5.3.3 - CSRF
CVE-2012-1414
Plume CMS < 1.2.4 - Cross-Site Request Forgery via News Page Creation
CVE-2012-2999
Cerberus FTP Server <5.0.5.0 - CSRF
CVE-2012-1636
stickynote < 7.x-1.1 - Cross-Site Request Forgery via Sticky Note Deletion
Details
Vulnerabilities 9,390
Exploit Likelihood Medium