CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 246 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5698 | 0.00 | — | 0.03 | Aug 30, 2015 | Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2015-5412 | 0.00 | — | 0.01 | Aug 26, 2015 | Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2015-6262 | 0.00 | — | 0.01 | Aug 25, 2015 | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. | |||
| CVE-2015-6660 | 0.00 | — | 0.01 | Aug 24, 2015 | The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks." | |||
| CVE-2015-2905 | 0.00 | — | 0.01 | Aug 23, 2015 | Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users. | |||
| CVE-2015-2983 | 0.00 | — | 0.01 | Aug 22, 2015 | Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2015-4530 | 0.00 | — | 0.01 | Aug 20, 2015 | Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote… | |||
| CVE-2015-0542 | 0.00 | — | 0.01 | Aug 20, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2015-6523 | 0.00 | — | 0.01 | Aug 19, 2015 | Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in… | |||
| CVE-2015-5508 | 0.00 | — | 0.01 | Aug 18, 2015 | Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a… | |||
| CVE-2015-2848 | 0.00 | — | 0.01 | Jul 26, 2015 | Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command. | |||
| CVE-2015-4281 | 0.00 | — | 0.01 | Jul 22, 2015 | Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | |||
| CVE-2015-2134 | 0.00 | — | 0.01 | Jul 21, 2015 | Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2015-4274 | 0.00 | — | 0.01 | Jul 16, 2015 | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936. | |||
| CVE-2015-4267 | 0.00 | — | 0.01 | Jul 15, 2015 | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940. | |||
| CVE-2015-5397 | 0.00 | — | 0.01 | Jul 14, 2015 | Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors. | |||
| CVE-2015-4254 | 0.00 | — | 0.01 | Jul 10, 2015 | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732. | |||
| CVE-2015-4258 | 0.00 | — | 0.01 | Jul 10, 2015 | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444. | |||
| CVE-2015-4257 | 0.00 | — | 0.01 | Jul 10, 2015 | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710. | |||
| CVE-2015-4256 | 0.00 | — | 0.01 | Jul 10, 2015 | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736. |
- CVE-2015-5698Aug 30, 2015risk 0.00cvss —epss 0.03
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2015-5412Aug 26, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2015-6262Aug 25, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059.
- CVE-2015-6660Aug 24, 2015risk 0.00cvss —epss 0.01
The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."
- CVE-2015-2905Aug 23, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users.
- CVE-2015-2983Aug 22, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users.
- CVE-2015-4530Aug 20, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote…
- CVE-2015-0542Aug 20, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users.
- CVE-2015-6523Aug 19, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in…
- CVE-2015-5508Aug 18, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a…
- CVE-2015-2848Jul 26, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.
- CVE-2015-4281Jul 22, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146.
- CVE-2015-2134Jul 21, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2015-4274Jul 16, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.
- CVE-2015-4267Jul 15, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.
- CVE-2015-5397Jul 14, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.
- CVE-2015-4254Jul 10, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.
- CVE-2015-4258Jul 10, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444.
- CVE-2015-4257Jul 10, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90710.
- CVE-2015-4256Jul 10, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736.