CWE-352
Cross-Site Request Forgery (CSRF)
Description
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-462 · CAPEC-467 · CAPEC-62
CVEs mapped to this weakness (5,713)
page 249 of 286| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1894 | 0.00 | — | 0.01 | May 25, 2015 | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||
| CVE-2015-0741 | 0.00 | — | 0.01 | May 21, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596. | |||
| CVE-2012-6691 | 0.00 | — | 0.01 | May 20, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to… | |||
| CVE-2015-0740 | 0.00 | — | 0.01 | May 20, 2015 | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. | |||
| CVE-2015-0735 | 0.00 | — | 0.01 | May 17, 2015 | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. | |||
| CVE-2015-0736 | 0.00 | — | 0.01 | May 16, 2015 | Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728. | |||
| CVE-2015-0716 | 0.00 | — | 0.01 | May 7, 2015 | Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. | |||
| CVE-2014-6090 | 0.00 | — | 0.01 | Apr 27, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8,… | |||
| CVE-2012-2930 | 0.00 | — | 0.01 | Apr 24, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code… | |||
| CVE-2015-0705 | 0.00 | — | 0.01 | Apr 22, 2015 | Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID… | |||
| CVE-2015-0704 | 0.00 | — | 0.01 | Apr 22, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884. | |||
| CVE-2015-3388 | 0.00 | — | 0.01 | Apr 21, 2015 | Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors. | |||
| CVE-2015-3382 | 0.00 | — | 0.01 | Apr 21, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2) remove nodes from a basket via unspecified vectors. | |||
| CVE-2015-3380 | 0.00 | — | 0.01 | Apr 21, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors. | |||
| CVE-2015-3375 | 0.00 | — | 0.01 | Apr 21, 2015 | Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified… | |||
| CVE-2015-3374 | 0.00 | — | 0.01 | Apr 21, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable corners via unspecified vectors. | |||
| CVE-2015-3370 | 0.00 | — | 0.01 | Apr 21, 2015 | Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified… | |||
| CVE-2015-3367 | 0.00 | — | 0.01 | Apr 21, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) restore, (2) publish, or (3) unpublish a pattern via unspecified vectors. | |||
| CVE-2015-3366 | 0.00 | — | 0.01 | Apr 21, 2015 | Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors. | |||
| CVE-2015-3363 | 0.00 | — | 0.01 | Apr 21, 2015 | Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors. |
- CVE-2015-1894May 25, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
- CVE-2015-0741May 21, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.
- CVE-2012-6691May 20, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to…
- CVE-2015-0740May 20, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826.
- CVE-2015-0735May 17, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970.
- CVE-2015-0736May 16, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728.
- CVE-2015-0716May 7, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.
- CVE-2014-6090Apr 27, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8,…
- CVE-2012-2930Apr 24, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code…
- CVE-2015-0705Apr 22, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID…
- CVE-2015-0704Apr 22, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884.
- CVE-2015-3388Apr 21, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete the user's configured bank accounts via unspecified vectors.
- CVE-2015-3382Apr 21, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2) remove nodes from a basket via unspecified vectors.
- CVE-2015-3380Apr 21, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable a module via unspecified vectors.
- CVE-2015-3375Apr 21, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified…
- CVE-2015-3374Apr 21, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable corners via unspecified vectors.
- CVE-2015-3370Apr 21, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified…
- CVE-2015-3367Apr 21, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) restore, (2) publish, or (3) unpublish a pattern via unspecified vectors.
- CVE-2015-3366Apr 21, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors.
- CVE-2015-3363Apr 21, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors.