CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,392 vulnerabilities with CWE-352
CVE-2009-1036
Drupal Plus1 < 6.x-2.6 - Cross-Site Request Forgery
CVE-2009-0969
phpfox 1.6.21 - Cross-Site Request Forgery via Account Settings Update
CVE-2009-0940
HP Digital Sender and LaserJet - Cross-Site Request Forgery via Embedded Web Server
CVE-2009-0037
curl 5.11-7.19.3 - Remote Request Smuggling via Redirect Location Header
CVE-2009-0708
SemanticScuttle < 0.91 - Cross-Site Request Forgery
CVE-2009-0648
Falt4 CMS RC4 - Cross-Site Request Forgery in manage_users Handler
CVE-2009-0468
Profense Web Application Firewall 2.6.2-2.6.3 - CSRF
CVE-2009-0499
Moodle 1.7-1.7.7, 1.8-1.8.8, 1.9-1.9.4 - Cross-Site Request Forgery via Forum Post Deletion
CVE-2009-0486
Bugzilla 3.0.7, 3.2.1, 3.3.2 - Cross-Site Request Forgery via Insufficient Randomness in mod_perl
CVE-2009-0485
Bugzilla 2.17-2.22.7, 3.0-3.0.6, 3.2-3.2.0, 3.3-3.3.1 - Cross-Site Request Forgery via editflagtypes.cgi
CVE-2009-0484
Bugzilla 3.0-3.0.6, 3.2-3.2.0, 3.3-3.3.1 - Cross-Site Request Forgery via buglist.cgi
CVE-2009-0483
Bugzilla 2.22-2.22.6, 3.0-3.0.6, 3.2-3.2.0, 3.3-3.3.1 - Cross-Site Request Forgery via editkeywords.cgi or userprefs.cgi
CVE-2009-0482
Bugzilla <3.2-3.2.1, <3.3-3.3.2 - CSRF
CVE-2009-0471
Cisco IOS 12.4(23) - Cross-Site Request Forgery via HTTP Server
CVE-2009-0408
osCommerce 2.2 RC 2a - Cross-Site Request Forgery
CVE-2009-0272
Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 - Cross-Site Request Forgery
CVE-2009-0056
Cisco IronPort Encryption Appliance CSRF via Logout Action
CVE-2009-0055
Cisco IronPort Encryption Appliance 6.2.4-6.2.4.1.1 6.2.5-6.2.7.7 6.3-6.3.0.4 6.5-6.5.0.2 - Cross-Site Request Forgery
CVE-2009-0112
PollPro 3.0 - Cross-Site Request Forgery via admin/agent_edit.asp
CVE-2008-7243
MODx CMS <0.9.6.1p1 - CSRF
CVE-2008-7241
PunBB < 1.2.17 - Cross-Site Request Forgery via Forced Logout
CVE-2008-7221
RunCMS 1.6.1 - Cross-Site Request Forgery via Admin Profile Modification
CVE-2008-7214
Mambo < 4.6.3 - Cross-Site Request Forgery via Administrator Account Creation
CVE-2008-7204
VirtueMart < 1.0.13a - Cross-Site Request Forgery
CVE-2008-7193
PHPKIT 1.6.4 PL1 - Cross-Site Request Forgery via PHPKITSID Parameter
Details
Vulnerabilities 9,392
Exploit Likelihood Medium