CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,391 vulnerabilities with CWE-352
CVE-2012-4053
EZ Publish - Cross-Site Request Forgery
CVE-2012-3384
WordPress < 3.4.1 - Cross-Site Request Forgery in Customizer
CVE-2012-3362
extplorer < 2.1.0 - Cross-Site Request Forgery via Add User Admin Action
CVE-2012-2447
Netsweeper - Cross-Site Request Forgery
CVE-2012-0303
Symantec Message Filter < 6.3 - Cross-Site Request Forgery
CVE-2012-3231
web@all 2.0 - Cross-Site Request Forgery via do_addfile Action
CVE-2012-3799
Maestro 7.x-1.x < 7.x-1.2 - Cross-Site Request Forgery
CVE-2012-2729
SimpleMeta 6.x-1.x - Cross-Site Request Forgery
CVE-2012-2728
Drupal Node Hierarchy <6.x-1.5 - CSRF
CVE-2012-2713
BrowserID module for Drupal 7.x-1.x < 7.x-1.3 - Cross-Site Request Forgery
CVE-2012-2380
Apache Roller < 5.0.1 - Cross-Site Request Forgery via Admin/Editor Console
CVE-2012-2716
Drupal Comment Moderation <6.x-1.1 - CSRF
CVE-2012-2605
Bradford Network Sentry <5.3.3 - CSRF
CVE-2012-2959
BMC Identity Management Suite 7.5.00.103 - CSRF
CVE-2012-3343
bloxx web_filtering < 5.0.13 - Cross-Site Request Forgery
CVE-2012-2564
bloxx web_filtering < 5.0.13 - Cross-Site Request Forgery
CVE-2012-2341
Drupal Take Control <6.x-2.2 - CSRF
CVE-2012-1936
WordPress < 3.3.1 - Cross-Site Request Forgery via Nonce Reuse
CVE-2012-0730
IBM Rational AppScan Enterprise <8.5.0.1 - CSRF
CVE-2012-2003
HP Insight Management Agents < 9.0.0.0 - Cross-Site Request Forgery
CVE-2012-2397
owncloud < 3.0.3 - Cross-Site Request Forgery via Contacts XSS Sequence Insertion
CVE-2012-1985
RealNetworks Helix Server and Helix Mobile Server 14.x - Cross-Site Request Forgery via Malformed URL
CVE-2012-1237
SENCHA SNS < 1.0.2 - Cross-Site Request Forgery
CVE-2012-1843
Quantum Scalar i500 Firmware < i7.0.3 - Cross-Site Request Forgery via saveRestore.htm fileName Parameter
CVE-2012-1236
Janetter < 3.3.0.0 - Cross-Site Request Forgery
Details
Vulnerabilities 9,391
Exploit Likelihood Medium