CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 233 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3540 | 0.03 | — | 0.01 | Oct 4, 2013 | Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests… | |||
| CVE-2013-3963 | 0.03 | — | 0.01 | Oct 1, 2013 | Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the… | |||
| CVE-2013-5672 | 0.03 | — | 0.03 | Sep 10, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing… | |||
| CVE-2013-5316 | 0.03 | — | 0.02 | Aug 20, 2013 | Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php. | |||
| CVE-2013-1414 | 0.03 | — | 0.02 | Jul 8, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3)… | |||
| CVE-2013-0663 | 0.03 | — | 0.06 | Apr 4, 2013 | Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the… | |||
| CVE-2013-0126 | 0.03 | — | 0.03 | Mar 21, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the… | |||
| CVE-2013-1468 | 0.03 | — | 0.06 | Mar 14, 2013 | Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors. | |||
| CVE-2013-1120 | 0.03 | — | 0.01 | Feb 6, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910. | |||
| CVE-2012-6518 | 0.03 | — | 0.01 | Jan 24, 2013 | Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module. | |||
| CVE-2012-6508 | 0.03 | — | 0.01 | Jan 24, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to… | |||
| CVE-2012-1922 | 0.03 | — | 0.01 | Jan 24, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port… | |||
| CVE-2012-6434 | 0.03 | — | 0.01 | Jan 3, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3)… | |||
| CVE-2012-6433 | 0.03 | — | 0.02 | Jan 3, 2013 | Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action. | |||
| CVE-2012-5992 | 0.03 | — | 0.02 | Dec 19, 2012 | Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via… | |||
| CVE-2012-6047 | 0.03 | — | 0.01 | Nov 27, 2012 | Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php. | |||
| CVE-2010-5285 | 0.03 | — | 0.01 | Nov 26, 2012 | Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action. | |||
| CVE-2012-5898 | 0.03 | — | 0.01 | Nov 17, 2012 | Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings. | |||
| CVE-2012-5891 | 0.03 | — | 0.01 | Nov 17, 2012 | Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change… | |||
| CVE-2012-5387 | 0.03 | — | 0.03 | Oct 24, 2012 | Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name… |
- CVE-2013-3540Oct 4, 2013risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests…
- CVE-2013-3963Oct 1, 2013risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the…
- CVE-2013-5672Sep 10, 2013risk 0.03cvss —epss 0.03
Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing…
- CVE-2013-5316Aug 20, 2013risk 0.03cvss —epss 0.02
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.
- CVE-2013-1414Jul 8, 2013risk 0.03cvss —epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3)…
- CVE-2013-0663Apr 4, 2013risk 0.03cvss —epss 0.06
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the…
- CVE-2013-0126Mar 21, 2013risk 0.03cvss —epss 0.03
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the…
- CVE-2013-1468Mar 14, 2013risk 0.03cvss —epss 0.06
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create arbitrary PHP files via unspecified vectors.
- CVE-2013-1120Feb 6, 2013risk 0.03cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
- CVE-2012-6518Jan 24, 2013risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module.
- CVE-2012-6508Jan 24, 2013risk 0.03cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to…
- CVE-2012-1922Jan 24, 2013risk 0.03cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port…
- CVE-2012-6434Jan 3, 2013risk 0.03cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3)…
- CVE-2012-6433Jan 3, 2013risk 0.03cvss —epss 0.02
Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.
- CVE-2012-5992Dec 19, 2012risk 0.03cvss —epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via…
- CVE-2012-6047Nov 27, 2012risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
- CVE-2010-5285Nov 26, 2012risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.
- CVE-2012-5898Nov 17, 2012risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.
- CVE-2012-5891Nov 17, 2012risk 0.03cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change…
- CVE-2012-5387Oct 24, 2012risk 0.03cvss —epss 0.03
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name…