Vulnerabilities (CVE)

Filtered by CWE-352
Total 8165 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5996 1 Mediabridge 2 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware 2025-04-12 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2013-2710 1 Ajaydsouza 1 Contextual Related Posts 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2014-7158 1 Exinda 1 Wan Optimization Suite 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch.
CVE-2015-0704 1 Cisco 1 Unified Meetingplace 2025-04-12 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in API features in Cisco Unified MeetingPlace 8.6(1.9) allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus95884.
CVE-2015-3374 1 Corner Project 1 Corner 2025-04-12 5.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable corners via unspecified vectors.
CVE-2016-1134 1 Buffalotech 16 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 13 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users.
CVE-2016-1607 1 Novell 1 Filr 2025-04-12 6.5 MEDIUM 7.2 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.
CVE-2013-7334 1 Imagecms 1 Imagecms 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q parameter, related to CVE-2012-6290.
CVE-2015-3352 1 Jammer Project 1 Jammer 2025-04-12 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete a setting for (1) hidden form elements or (2) status messages via unspecified vectors, related to "report administration."
CVE-2015-5351 3 Apache, Canonical, Debian 3 Tomcat, Ubuntu Linux, Debian Linux 2025-04-12 6.8 MEDIUM 8.8 HIGH
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
CVE-2015-1424 1 Jakweb 1 Gecko Cms 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.
CVE-2014-2178 1 Cisco 7 Rv120w, Rv120w Firmware, Rv180 and 4 more 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.
CVE-2015-0716 1 Cisco 1 Unity Connection 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.
CVE-2012-4921 1 Dvs Custom Notification Project 1 Dvs Custom Notification 2025-04-12 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks.
CVE-2015-7537 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.
CVE-2013-2713 1 Krisonav 1 Krisonav 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.
CVE-2015-0807 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2025-04-12 6.8 MEDIUM N/A
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.
CVE-2015-6007 1 Refbase 1 Refbase 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-2190 1 Cisco 1 Broadband Access Center Telco Wireless Software 2025-04-12 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Broadcast Access Center for Telco and Wireless (aka BAC-TW) allows remote attackers to hijack the authentication of arbitrary users for requests that make BAC-TW changes, aka Bug IDs CSCuo23804 and CSCuo26389.
CVE-2014-9340 1 Wpcommenttwit Project 1 Wpcommenttwit 2025-04-12 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) username or (2) password parameter in the wpCommentTwit.php page to wp-admin/options-general.php.