CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,392 vulnerabilities with CWE-352
CVE-2008-7192
WoltLab Burning Board <3.0.1 - CSRF
CVE-2008-7165
TELECOM ITALIA Alice Gate2 Plus Wi-Fi - CSRF
CVE-2008-7151
Live 5.x - Cross-Site Request Forgery
CVE-2008-7139
Eye-Fi Manager 1.1.2 - Cross-Site Request Forgery via SOAPAction Parameter
CVE-2008-7082
MyBB 1.4.3 - Cross-Site Request Forgery via my_post_key Parameter in Moderation Actions
CVE-2008-7058
BandSite CMS 1.1.4 - Cross-Site Request Forgery via Admin Logout Endpoint
CVE-2008-7032
F5 BIG-IP 9.4.3 - Cross-Site Request Forgery via Web Management Console
CVE-2008-7016
tnftpd < 20080929 - Cross-Site Request Forgery via Command String Splitting
CVE-2008-6975
DD-WRT 24 sp2 - Cross-Site Request Forgery via apply.cgi Parameters
CVE-2008-6974
DD-WRT < 24 - Cross-Site Request Forgery via apply.cgi Parameters
CVE-2008-6949
Collabtive - Cross-Site Request Forgery
CVE-2008-6905
BabbleBoard 1.1.6 - Authenticated Cross-Site Request Forgery
CVE-2008-6836
OpenID 5.x - Cross-Site Request Forgery
CVE-2008-6832
Atlassian JIRA Enterprise Edition 3.13 - Cross-Site Request Forgery
CVE-2008-6823
A-LINK WL54AP2 and WL54AP3 < 1.4.1 - Cross-Site Request Forgery via Management Interface
CVE-2008-6801
vivvo < 4.0.4 - Cross-Site Request Forgery
CVE-2008-6758
Viart Shop - Cross-Site Request Forgery
CVE-2008-6744
Cybozu Dezie < 6.0(1.0) - Cross-Site Request Forgery
CVE-2008-6729
phpmotion < 2.1 - Cross-Site Request Forgery via Password or Email Parameter
CVE-2008-6657
Simple Machines Forum 1.0-1.0.15 and 1.1-1.1.7 - Cross-Site Request Forgery via Package Installation
CVE-2008-6639
Ajaxplorer - Cross-Site Request Forgery
CVE-2008-6605
2wire 1701HG 1800HW 2071HG 2700HG - Cross-Site Request Forgery via XSLT Script
CVE-2008-6587
Vuze - Cross-Site Request Forgery via upurl Parameter
CVE-2008-6586
Torrent WebUI 0.315 - Cross-Site Request Forgery via add-url and setsetting Actions
CVE-2008-6585
Torrentflux - Cross-Site Request Forgery
Details
Vulnerabilities 9,392
Exploit Likelihood Medium