CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,392 vulnerabilities with CWE-352
CVE-2010-1971
HP Insight Software Installer < 6.1 - Cross-Site Request Forgery
CVE-2010-1968
HP Insight Software Installer < 6.0 - Cross-Site Request Forgery
CVE-2010-1668
Mahara < 1.0.15, 1.1.x < 1.1.9, 1.2.x < 1.2.5 - Cross-Site Request Forgery
CVE-2010-2594
InterSect Alliance Snare Agent < 3.2.3 - Cross-Site Request Forgery in Web Management Interface
CVE-2010-2231
Moodle < 1.8.13 and 1.9.x < 1.9.9 - Cross-Site Request Forgery via Quiz Attempt Deletion
CVE-2010-2345
odCMS 1.06 - Cross-Site Request Forgery
CVE-2010-0540
macOS and macOS Server - Cross-Site Request Forgery in CUPS Web Interface
CVE-2010-2282
TomatoCMS 2.0.6 - Cross-Site Request Forgery
CVE-2010-2268
Accoria Rock Web Server 1.4.7 - Cross-Site Request Forgery in authcfg.cgi
CVE-2010-2294
Plume CMS < 1.2.4 - Cross-Site Request Forgery via Administrator Password Change
CVE-2010-1648
MediaWiki 1.15-1.15.3 and 1.16-beta2 - Cross-Site Request Forgery in Login Interface
CVE-2010-2151
Fujitsu e-Pares V01 L01, L03, L10, L20, L30, and L40 - Cross-Site Request Forgery
CVE-2010-2114
Brekeke PBX 2.4.4.8 - Cross-Site Request Forgery via Password Change Request
CVE-2010-2113
Uniformserver - CSRF
CVE-2010-2111
Pacific Timesheet 6.74 build 363 - Cross-Site Request Forgery via user/user-set.do
CVE-2010-2025
Cisco Scientific Atlanta WebSTAR DPC2100R2 - Cross-Site Request Forgery
CVE-2010-2039
gpEasy CMS <= 1.6.2 - Cross-Site Request Forgery via Admin_Users Action
CVE-2010-1547
Chaos Tool Suite CTools 6.x < 1.4 - Cross-Site Request Forgery via Page Enable/Disable
CVE-2010-2007
LetoDMS < 1.7.2 - Cross-Site Request Forgery via Multiple Administrative Endpoints
CVE-2010-1732
Zikula Application Framework < 1.2.3 - Cross-Site Request Forgery via Users Module Update Email Action
CVE-2010-1611
Alegrocart - Cross-Site Request Forgery
CVE-2010-1610
OpenCart 1.4 - Cross-Site Request Forgery via Administrative Account Creation
CVE-2010-1037
HP System Insight Manager <6.0 - CSRF
CVE-2010-1542
DFD Cart <= 1.198 - Cross-Site Request Forgery in admin/configure.php
CVE-2010-1150
MediaWiki <1.15.3, 1.6.x <1.16.0beta2 - Auth Bypass
Details
Vulnerabilities 9,392
Exploit Likelihood Medium