CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,394 vulnerabilities with CWE-352
CVE-2008-0788
MyBB < 1.2.11 - Cross-Site Request Forgery via Thread Deletion and Private Message Deletion
CVE-2008-0571
Userpoints Module 4.7.x-2.3 5.x-2.16 5.x-3.3 - Cross-Site Request Forgery
CVE-2008-0575
webSPELL 4.01.02 - Cross-Site Request Forgery in Admin Center
CVE-2008-0182
Liferay Enterprise Portal < 4.3.6 - Authenticated Cross-Site Request Forgery via Shutdown Message
CVE-2008-0563
Liferay Portal 4.3.6 - Cross-Site Request Forgery via User-Agent HTTP Header
CVE-2008-0508
Dean's Permalinks Migration 1.0 - Cross-Site Request Forgery via old_struct Parameter
CVE-2008-0524
Yamaha RT Series Routers - Cross-Site Request Forgery in Management Interface
CVE-2008-0471
phpBB 2.0.22 - Cross-Site Request Forgery via Private Message Deletion
CVE-2008-0472
Woltlab Burning Board 2.3.6 PL2 - Cross-Site Request Forgery via modcp.php Thread Deletion
CVE-2008-0336
bugtracker.net < 2.7.1 - Cross-Site Request Forgery via Administrative Endpoints
CVE-2008-0266
eTicket 1.5.5.2 - Cross-Site Request Forgery in admin.php
CVE-2008-0271
BUEditor < 4.7.x-1.0 - Cross-Site Request Forgery via Editor Deletion Form
CVE-2008-0272
Drupal 4.7.x-4.7.10 and 5.x-5.5 - Cross-Site Request Forgery in Aggregator Module
CVE-2008-0228
Linksys WRT54GL 4.30.9 - Cross-Site Request Forgery via apply.cgi
CVE-2008-0198
WP-ContactForm <=1.5a CSRF via wpcf_question/success_msg/error_msg Parameters
CVE-2007-6752
Drupal < 7.12 - Cross-Site Request Forgery via User Logout URI
CVE-2007-6730
ZyXEL P-330W Router - Cross-Site Request Forgery via Remote Management or Password Setup
CVE-2007-6708
Cisco Linksys WAG54GS Wireless-G ADSL Gateway <1.01.03 - CSRF
CVE-2007-6420
Apache HTTP Server 2.2.x - Cross-Site Request Forgery in mod_proxy_balancer
CVE-2007-6642
Joomla! < 1.5 RC4 - Cross-Site Request Forgery
CVE-2007-6490
Falcon Series One CMS 1.4.3 - Cross-Site Request Forgery via Password Change Action
CVE-2007-6390
Serendipity mycalendar plugin < 0.13 - Cross-Site Request Forgery
CVE-2007-6410
Gadu-Gadu Instant Messenger - Cross-Site Request Forgery via Crafted Link
CVE-2007-6320
Drupal Feature Module 4.7.x-dev and 5.x-dev before 20071206 - Cross-Site Request Forgery
CVE-2007-6300
Fusion News 3.9.0 - Cross-Site Request Forgery
Details
Vulnerabilities 9,394
Exploit Likelihood Medium