CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,392 vulnerabilities with CWE-352
CVE-2008-6532
Drupal 5.x < 5.13 and 6.x < 6.7 - Cross-Site Request Forgery in Update Feature
CVE-2008-6498
XAMPP 1.6.8 - Cross-Site Request Forgery via xampppasswd Parameter
CVE-2008-6480
Datalife Engine 6.7 - Cross-Site Request Forgery via Image Parameter
CVE-2008-6479
Parallels Virtuozzo 25.4.swsoft - Cross-Site Request Forgery in VZPP Password Change
CVE-2008-6478
Parallels Virtuozzo Containers - Cross-Site Request Forgery in VZPP File Manager
CVE-2008-6449
Centurysys Xr-1100 < 1.6.2 - CSRF
CVE-2008-6384
Comment Mail 5.x < 5.x-1.1 - Cross-Site Request Forgery
CVE-2008-6331
Streber < 0.0803 - Cross-Site Request Forgery
CVE-2008-6239
OpenEdit Digital Asset Management < 5.0 - Cross-Site Request Forgery
CVE-2008-6169
Drupal Localization Client < 5.x-1.0 and 6.x < 6.x-1.6 - Cross-Site Request Forgery
CVE-2008-6106
IBM Workplace for Business Controls and Reporting 2.x & Web Content Management 6.x - Cross-Site Request Forgery
CVE-2008-6048
TangoCMS < 2.2.0 - Cross-Site Request Forgery
CVE-2008-5941
MODx <0.9.6.1p2 - CSRF
CVE-2008-5758
phparanoid < 0.5 - Cross-Site Request Forgery via Private Messages
CVE-2008-5252
MediaWiki 1.3.0-1.6.10, 1.12.x < 1.12.2, 1.13.x < 1.13.3 - Cross-Site Request Forgery in Special:Import
CVE-2008-5672
PHParanoid < 0.4 - Cross-Site Request Forgery via Admin and Private Message Endpoints
CVE-2008-5621
phpMyAdmin 2.11.x-2.11.9.3 and 3.x-3.1.0.9 - Cross-Site Request Forgery via tbl_structure.php
CVE-2008-5583
ProjectPier < 0.8 - Cross-Site Request Forgery via Query String
CVE-2008-5568
IPN Pro 3 < 1.44 - Cross-Site Request Forgery via Admin Password Change
CVE-2008-5567
Bonza Cart < 1.10 - Cross-Site Request Forgery via Admin Password Change
CVE-2008-5565
DL PayCart < 1.34 - Cross-Site Request Forgery via Admin Password Change
CVE-2008-5400
mvnforum < 1.2.1 GA - Cross-Site Request Forgery
CVE-2008-5382
I-O DATA DEVICE HDL-F160-320 - CSRF
CVE-2008-5189
Ruby on Rails < 2.0.5 - CRLF Injection via redirect_to Function
CVE-2008-5115
Sun Java System Identity Manager 6.0-6.0 SP4, 7.0, 7.1 - Cross-Site Request Forgery via Password Update
Details
Vulnerabilities 9,392
Exploit Likelihood Medium