CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,392 vulnerabilities with CWE-352
CVE-2010-4627
MyBB < 1.4.12 - Cross-Site Request Forgery in usercp2.php
CVE-2010-3878
Red Hat JBoss Enterprise Application Platform 4.3 - Cross-Site Request Forgery in JMX Console
CVE-2010-4507
iSpot and ClearSpot Firmware 2.0.0.0 - Cross-Site Request Forgery via Multiple CGI Endpoints
CVE-2010-4519
Views module for Drupal 5.x < 5.x-1.8 and 6.x < 6.x-2.11 - Cross-Site Request Forgery
CVE-2010-3449
Redback < 1.2.4 - Cross-Site Request Forgery
CVE-2010-3891
IBM OmniFind Enterprise Edition < 9.1 - Cross-Site Request Forgery in Administrator Interface
CVE-2010-3694
Horde Application Framework < 3.3.9 - Cross-Site Request Forgery via Preference Form
CVE-2010-0785
IBM WebSphere Application Server 6.1-7.0 - Cross-Site Request Forgery in Administrative Console
CVE-2010-4106
HP Insight Control for Linux < 6.2 - Cross-Site Request Forgery
CVE-2010-4032
HP Insight Control Performance Management < 6.2 - Cross-Site Request Forgery
CVE-2010-4024
HP Insight Control Power Management < 6.2 - Cross-Site Request Forgery
CVE-2010-3989
HP Insight Control Virtual Machine Management < 6.2 - Cross-Site Request Forgery
CVE-2010-3288
HP Systems Insight Manager <6.2 - CSRF
CVE-2010-3884
CMS Made Simple < 1.8.1 - Cross-Site Request Forgery to Reset Admin Password
CVE-2010-3883
CMS Made Simple < 1.7.1 - Cross-Site Request Forgery in Change Group Permissions Module
CVE-2010-3603
mojoPortal 2.3.4.3 and 2.3.5.1 - Cross-Site Request Forgery in File Manager Service
CVE-2010-1767
Google Chrome < 4.1.249.1059 - Cross-Site Request Forgery via Synchronous Preflight XMLHttpRequest
CVE-2010-3464
SantaFox 2.02 - Cross-Site Request Forgery in Admin User Management
CVE-2010-0153
IBM Proventia Network Mail Security System Virtual Appliance - Cross-Site Request Forgery in Local Management Interface
CVE-2010-3213
Microsoft Outlook Web Access <SP2 - CSRF
CVE-2010-1325
SUSE Lifecycle Management Server - Cross-Site Request Forgery via Improper Parameter Quoting
CVE-2010-2234
Apache CouchDB 0.8.0-0.11.0 - Cross-Site Request Forgery
CVE-2010-3030
Tomaz Muraus Open Blog 1.2.1 - CSRF
CVE-2010-3026
Tomaz Muraus Open Blog 1.2.1 - CSRF
CVE-2010-3024
DiamondList 0.1.6 - Cross-Site Request Forgery in User Update Function
Details
Vulnerabilities 9,392
Exploit Likelihood Medium