CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,391 vulnerabilities with CWE-352
CVE-2011-2753
SquirrelMail < 1.4.21 - Cross-Site Request Forgery via Empty Trash and Index Order
CVE-2011-1482
PHP-Nuke < 8.0 - Cross-Site Request Forgery via Referer Substring Comparison
CVE-2011-0629
Adobe ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 - Cross-Site Request Forgery
CVE-2011-1954
Post Revolution < 0.8.0c-2 - Cross-Site Request Forgery via Multiple Endpoints
CVE-2011-1026
Apache Archiva 1.0-1.2.2 and 1.3.x < 1.3.5 - Cross-Site Request Forgery
CVE-2011-1403
Mahara < 1.3.6 - Cross-Site Request Forgery via Pieforms Session Key Regeneration
CVE-2011-1325
EC-CUBE < 2.11.0 - Cross-Site Request Forgery
CVE-2011-1324
Buffalo WHR-WZR2-WZR-WER-BBR-AS-100 - CSRF
CVE-2011-1905
Proofpoint Messaging Security Gateway < 6.2.0.263 & Protection Server 5.5.3-6.2.0 - Cross-Site Request Forgery
CVE-2011-1545
HP Insight Control Performance Management <6.3 - CSRF
CVE-2011-1543
HP Systems Insight Manager <6.3 - CSRF
CVE-2011-1685
Best Practical Solutions RT <4.0.0rc - Authenticated RCE
CVE-2011-1721
WebJaxe 1.02 - Cross-Site Request Forgery in Administration Interface
CVE-2011-1682
phplist < 2.10.13 - Cross-Site Request Forgery
CVE-2011-0748
phplist < 2.10.13 - Cross-Site Request Forgery
CVE-2011-0746
ZyXEL O2 DSL Router Classic - Cross-Site Request Forgery via PortForwarding_Edit_1 PortRule_Name Parameter
CVE-2011-1664
Drupal Translation Management <6.x-1.21 - CSRF
CVE-2011-0760
WP Related Posts 1.0 - Cross-Site Request Forgery via Configuration Parameters
CVE-2011-0545
Symantec LiveUpdate Administrator < 2.3 - Cross-Site Request Forgery via adduser.do
CVE-2011-0440
Mahara 1.2.x-1.2.7 and 1.3.x-1.3.4 - Cross-Site Request Forgery
CVE-2011-0759
WP-reCAPTCHA 2.9.8.2 - Cross-Site Request Forgery via Configuration Parameters
CVE-2011-0059
Mozilla Firefox <3.5.17-3.6.14 & SeaMonkey <2.0.12 - CSRF
CVE-2011-1104
Mutare Evm - Cross-Site Request Forgery
CVE-2011-0696
Django 1.1.x < 1.1.4 and 1.2.x < 1.2.5 - Cross-Site Request Forgery via X-Requested-With Header
CVE-2011-0447
Ruby on Rails 2.1.x-2.3.10 and 3.x < 3.0.4 - Cross-Site Request Forgery via X-Requested-With Header
Details
Vulnerabilities 9,391
Exploit Likelihood Medium