CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,391 vulnerabilities with CWE-352
CVE-2012-1498
Nikola Posa Webfoliocms1.0.2 - CSRF
CVE-2012-1297
Contao CMS < 2.11.0 - Cross-Site Request Forgery via User, News, or Newsletter Deletion
CVE-2012-1514
VMware vShield Manager < 1.0 - Cross-Site Request Forgery
CVE-2012-0317
Movable Type <4.38, <5.07, <5.13 - CSRF
CVE-2012-0453
Bugzilla 4.0.2-4.0.4 and 4.1.1-4.2rc2 - Cross-Site Request Forgery via XML-RPC API
CVE-2012-0997
11in1 1.2.1 - Cross-Site Request Forgery in admin/index.php
CVE-2012-1235
Advantech WebAccess 7.0 - Authenticated Cross-Site Request Forgery
CVE-2012-0235
Advantech WebAccess < 7.0 - Cross-Site Request Forgery
CVE-2012-1227
pluck 4.7 - Cross-Site Request Forgery in admin.php
CVE-2012-1220
GAzie < 5.20 - Cross-Site Request Forgery via Admin User Update Action
CVE-2012-1216
PBBoard 2.1.4 - Cross-Site Request Forgery via Admin File Upload and Edit Actions
CVE-2012-1083
TYPO3 Terminal < 0.3.2 - Cross-Site Request Forgery
CVE-2012-1058
Flyspray 0.9.9.6 - Cross-Site Request Forgery via Admin User Creation
CVE-2012-1057
Drupal Forward module <7.x-1.3 - CSRF
CVE-2012-0829
Mibew Messenger < 1.6.4 - Cross-Site Request Forgery via Multiple Parameters
CVE-2012-0990
DClassifieds 0.1 final - Cross-Site Request Forgery via Admin Settings Update
CVE-2012-0314
eAccess Pocket WiFi <2.00-11.203.11.05.168 - CSRF
CVE-2012-0440
Bugzilla 3.5.x-3.6.7, 3.7.x-4.0.3, 4.1.x-4.2rc1 - Cross-Site Request Forgery via JSON-RPC API
CVE-2012-0286
Stoneware webNetwork <6.0.8.0 - CSRF
CVE-2011-1085 HIGH
Smoothwall Express 3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2011-0525 HIGH
batavi < 1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2011-3612 HIGH
UseBB < 1.0.12 - Cross-Site Request Forgery in panel.php
CVSS 8.8
CVE-2011-3582 HIGH
Advanced Electron Forums <1.0.9 - CSRF
CVSS 8.8
CVE-2011-2934 HIGH
WebsiteBaker < 2.8.1 - Cross-Site Request Forgery in Administrator Functions
CVSS 8.8
CVE-2011-5250 MEDIUM
Snare < 1.7.0 - Cross-Site Request Forgery
CVSS 6.5
Details
Vulnerabilities 9,391
Exploit Likelihood Medium