CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,392 vulnerabilities with CWE-352
CVE-2010-0992
Pulse CMS Basic 1.2.2-1.2.3/Pulse Pro <1.3.2 - CSRF
CVE-2010-1244
Apache ActiveMQ < 5.3.1 - Cross-Site Request Forgery via JMSDestination Parameter
CVE-2010-0921
IBM Lotus iNotes < 229.281 - Cross-Site Request Forgery
CVE-2010-0713
Zenoss < 2.5 - Cross-Site Request Forgery via Admin Password Reset and Command Change
CVE-2010-0711
ASPCode CMS <2.0.0 Build 103 - CSRF
CVE-2010-0709
Limny 2.0 - Cross-Site Request Forgery in User and Admin Actions
CVE-2010-0707
Employee Timeclock Software 0.99 - CSRF
CVE-2010-0638
WebCalendar 1.2.0 - Cross-Site Request Forgery via Administrative Password Change
CVE-2010-0289
DokuWiki < 2009-12-25c - Cross-Site Request Forgery in ACL Manager Plugin
CVE-2010-0637
WebCalendar < 1.2.5 - Cross-Site Request Forgery
CVE-2009-4139 MEDIUM
Spacewalk Java site packages <5.4.1 - CSRF
CVSS 6.8
CVE-2009-4898
TWiki < 4.3.2 - Cross-Site Request Forgery via Form Submission
CVE-2009-4981
Photokorn Gallery < 1.81 - Cross-Site Request Forgery
CVE-2009-4942
ACollab 1.2 - Cross-Site Request Forgery for Personal Agenda Item Addition
CVE-2009-4907
oBlog - Cross-Site Request Forgery
CVE-2009-4906
Acc PHP eMail 1.1 - Cross-Site Request Forgery in Password Change
CVE-2009-4905
Acc Statistics 1.1 - Cross-Site Request Forgery
CVE-2009-4877
WebGUI < 7.7.14 - Cross-Site Request Forgery
CVE-2009-4849
ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 - Cross-Site Request Forgery
CVE-2009-4828
Ad Manager Pro 3.0 - Cross-Site Request Forgery in Admin User Creation
CVE-2009-4827
Mail Manager Pro - Cross-Site Request Forgery via Admin Password Change
CVE-2009-4826
ScriptsEz Mini Hosting Panel - Cross-Site Request Forgery via Admin Panel Action
CVE-2009-4787
Pligg CMS < 1.0.3 - Cross-Site Request Forgery
CVE-2009-4773
Ubercart 5.x < 5.x-1.9 and 6.x < 6.x-2.1 - Cross-Site Request Forgery
CVE-2009-4572
PhpShop 0.8.1 - Cross-Site Request Forgery via cartAdd Function
Details
Vulnerabilities 9,392
Exploit Likelihood Medium