CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,394 vulnerabilities with CWE-352
CVE-2008-5189
Ruby on Rails < 2.0.5 - CRLF Injection via redirect_to Function
CVE-2008-5115
Sun Java System Identity Manager 6.0-6.0 SP4, 7.0, 7.1 - Cross-Site Request Forgery via Password Update
CVE-2008-5113
WordPress 2.6.3 - Cross-Site Request Forgery via REQUEST Superglobal Array
CVE-2008-5028
Nagios < 3.0.4 - Cross-Site Request Forgery
CVE-2008-4899
Planetluc RateMe 1.3.3 - Cross-Site Request Forgery
CVE-2008-3868
Interact 2.4.1 - Cross-Site Request Forgery
CVE-2008-4734
WP Comment Remix Plugin < 1.4.4 - Cross-Site Request Forgery via wpcr_hidden_form_input Parameter
CVE-2008-4448
Positive Software H-Sphere WebShell 4.3.10 - Cross-Site Request Forgery via actions.php
CVE-2008-4247
FreeBSD NetBSD OpenBSD - Cross-Site Request Forgery via Long FTP URI
CVE-2008-4242
ProFTPD 1.3.1 - Cross-Site Request Forgery via Long FTP URI
CVE-2008-4128
Cisco IOS 12.4 - Cross-Site Request Forgery via HTTP Administration Component
CVE-2008-3938 HIGH
OpenDb 1.0.6 - CSRF
CVSS 8.8
CVE-2008-3925
Content Management Made Easy (CMME) 1.12 - Cross-Site Request Forgery via Admin Logout Action
CVE-2008-3909
Django 0.91-0.96 - Cross-Site Request Forgery in Administration Application
CVE-2008-3885
Blogn < 1.9.7 - Cross-Site Request Forgery
CVE-2008-3736
La!Cooda WIZ <1.4.0 & LacoodaST <2.1.3 - CSRF
CVE-2008-3743
Drupal 6.x < 6.4 - Cross-Site Request Forgery via Cached Forms and AHAH Elements
CVE-2008-3744
Drupal 5.x < 5.10 and 6.x < 6.4 - Cross-Site Request Forgery
CVE-2008-3759
Vanilla < 1.1.4 - Cross-Site Request Forgery via UpdateCheck Endpoint
CVE-2008-3760
Vanilla < 1.1.4 - Cross-Site Request Forgery via SignOutNow Action
CVE-2008-3716
Harmoni < 1.6.0 - Cross-Site Request Forgery via Save or Delete Action
CVE-2008-3421
Blackboard Academic Suite 8.0.260.7 - CSRF
CVE-2008-3392
Web Wiz Forum 9.5 - Cross-Site Request Forgery via log_off_user.asp
CVE-2008-3325
Moodle 1.6-1.6.6 and 1.7-1.7.4 - Cross-Site Request Forgery via User Profile Edit Page
CVE-2008-3262
Claroline < 1.8.10 - Cross-Site Request Forgery
Details
Vulnerabilities 9,394
Exploit Likelihood Medium