CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,391 vulnerabilities with CWE-352
CVE-2011-3293
Cisco Secure Access Control Server - Cross-Site Request Forgery
CVE-2011-3846
HP System Management Homepage 6.2.2.7 - Cross-Site Request Forgery
CVE-2011-1397
IBM Maximo Asset Management 6.2, 7.1, 7.5 - Cross-Site Request Forgery in Labor Reporting Page
CVE-2011-5074
Support Incident Tracker < 3.65 - Cross-Site Request Forgery via User Profile Edit
CVE-2011-5068
Support Incident Tracker 3.65 - Cross-Site Request Forgery via user_delete.php
CVE-2011-4642
Splunk 4.2.x - Authenticated Remote Code Execution via mappy.py Python Class Access
CVE-2011-3669
Bugzilla 2.x-4.x - Cross-Site Request Forgery via Attachment Upload
CVE-2011-3668
Bugzilla 2.x-4.x - Cross-Site Request Forgery via post_bug.cgi
CVE-2011-5011
xt:Commerce 3.0.4 SP2.1 - Cross-Site Request Forgery via cID Parameter
CVE-2011-3836
Wuzly 2.0 - Cross-Site Request Forgery
CVE-2011-4837
HomeSeer HS2 2.5.0.20 - Cross-Site Request Forgery in Web Interface
CVE-2011-3636
FreeIPA < 2.1.4 - Cross-Site Request Forgery in Management Interface
CVE-2011-4498
Zenprise Device Manager 6.x-6.1.8 - Cross-Site Request Forgery
CVE-2011-2773
Mahara < 1.4.1 - Cross-Site Request Forgery
CVE-2011-3994
SKYARC MTCMS < 5.252 and Plugins - Cross-Site Request Forgery
CVE-2011-4005
Cisco Services Ready Platform - CSRF
CVE-2011-1364
Google App Engine Python SDK < 1.5.4 - Cross-Site Request Forgery via Interactive Console
CVE-2011-4173
SMF 2.x <2.0.1 - CSRF
CVE-2011-4140
Django < 1.2.6 - Cross-Site Request Forgery via Arbitrary HTTP Host Header
CVE-2011-2191
Cherokee < 1.2.99 - Cross-Site Request Forgery in Cherokee-admin
CVE-2011-1911
JasperReports Server Community Project <3.7.1 - CSRF
CVE-2011-3381
Phorum < 5.2.16 - Cross-Site Request Forgery
CVE-2011-1341
Aimluck Aipo < 4.0.4.0 and Aipo for ASP < 4.0.4.0 - Cross-Site Request Forgery
CVE-2011-0551
Symantec Endpoint Protection 11.0.600x-11.0.6300 - Cross-Site Request Forgery
CVE-2011-2522
Samba 3.x < 3.5.10 - Cross-Site Request Forgery in SWAT
Details
Vulnerabilities 9,391
Exploit Likelihood Medium