CWE-352— Cross-Site Request Forgery (CSRF)
8,629 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 5 of 173
- CVE-2009-2005NONECVSS 0.0EG 0.02009-06-08
Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors.
- CVE-2009-2073NONECVSS 0.0EG 0.02009-06-15
Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N wireless router hardware 1 and firmware 1.02.2 allows remote attackers to hijack the authentication of other users for unspecified requests via unknown vectors, as demonstr…
- CVE-2009-2129NONECVSS 0.0EG 0.02009-06-19
Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action.
- CVE-2009-2150NONECVSS 0.0EG 0.02009-06-22
Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote …
- CVE-2009-2323NONECVSS 0.0EG 0.02009-07-05
The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demons…
- CVE-2009-2572NONECVSS 0.0EG 0.02009-07-22
Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast…
- CVE-2009-2677NONECVSS 0.0EG 0.02009-08-14
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2009-2746NONECVSS 0.0EG 0.02009-11-16
Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to…
- CVE-2009-2816NONECVSS 0.0EG 0.02009-11-13
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with…
- CVE-2009-2964NONECVSS 0.0EG 0.02009-08-25
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change …
- CVE-2009-3022MEDIUMCVSS 6.5EG 6.52009-08-31
Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors.
- CVE-2009-3248NONECVSS 0.0EG 0.02009-09-18
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save acti…
- CVE-2009-3520HIGHCVSS 8.8EG 8.82009-10-01
Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and ui…
- CVE-2009-3580NONECVSS 0.0EG 0.02009-12-23
Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password par…
- CVE-2009-3656NONECVSS 0.0EG 0.02009-10-09
Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
- CVE-2009-3759HIGHCVSS 8.8EG 8.82009-10-22
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password …
- CVE-2009-3784NONECVSS 0.0EG 0.02009-10-26
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
- CVE-2009-3785NONECVSS 0.0EG 0.02009-10-26
Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
- CVE-2009-3922NONECVSS 0.0EG 0.02009-11-09
Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (…
- CVE-2009-4066NONECVSS 0.0EG 0.02009-11-24
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users vi…
- CVE-2009-4076NONECVSS 0.0EG 0.02009-11-25
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different…
- CVE-2009-4077NONECVSS 0.0EG 0.02009-11-25
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different v…
- CVE-2009-4079NONECVSS 0.0EG 0.02009-11-25
Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.
- CVE-2009-4092NONECVSS 0.0EG 0.02009-11-29
Cross-site request forgery (CSRF) vulnerability in user.php in Simplog 0.9.3.2, and possibly earlier, allows remote attackers to hijack the authentication of administrators and users for requests that change passwords.
- CVE-2009-4120NONECVSS 0.0EG 0.02009-12-01
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.Cart 3.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete orders via an orders-delete action to admin.php, and possibl…
- CVE-2009-4121NONECVSS 0.0EG 0.02009-12-01
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to adm…
- CVE-2009-4139MEDIUMCVSS 6.8EG 6.82011-07-27
A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling use…
- CVE-2009-4173NONECVSS 0.0EG 0.02009-12-02
Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote attackers to hijack the authentication of administrators for requests that create new users, including a new administrator…
- CVE-2009-4297NONECVSS 0.0EG 0.02009-12-16
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2009-4349NONECVSS 0.0EG 0.02009-12-17
Cross-site request forgery (CSRF) vulnerability in administration/administrators.php in Link Up Gold 5.0 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.
- CVE-2009-4365NONECVSS 0.0EG 0.02009-12-21
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a …
- CVE-2009-4385NONECVSS 0.0EG 0.02009-12-22
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.…
- CVE-2009-4407NONECVSS 0.0EG 0.02009-12-23
Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other un…
- CVE-2009-4517NONECVSS 0.0EG 0.02009-12-31
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content.
- CVE-2009-4555NONECVSS 0.0EG 0.02010-01-04
Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for requests that (1) modify a .htaccess file via …
- CVE-2009-4572NONECVSS 0.0EG 0.02010-01-05
Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 allows remote attackers to hijack the authentication of arbitrary users for requests that invoke the cartAdd function in a shop/cart action to the default URI.
- CVE-2009-4773NONECVSS 0.0EG 0.02010-04-20
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims v…
- CVE-2009-4787NONECVSS 0.0EG 0.02010-04-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg before 1.0.3 allow remote attackers to hijack the authentication of administrators for requests that create user accounts or have unspecified other impact.
- CVE-2009-4826NONECVSS 0.0EG 0.02010-04-27
Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action.
- CVE-2009-4827NONECVSS 0.0EG 0.02010-04-27
Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action.
- CVE-2009-4828NONECVSS 0.0EG 0.02010-04-27
Cross-site request forgery (CSRF) vulnerability in administration/admins.php in Ad Manager Pro (aka AdManagerPro) 3.0 allows remote attackers to hijack the authentication of administrators for requests that create new administrative users …
- CVE-2009-4849NONECVSS 0.0EG 0.02010-05-07
Multiple cross-site request forgery (CSRF) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new user account…
- CVE-2009-4877NONECVSS 0.0EG 0.02010-05-26
Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.
- CVE-2009-4898NONECVSS 0.0EG 0.02010-09-07
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribut…
- CVE-2009-4905NONECVSS 0.0EG 0.02010-06-25
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addre…
- CVE-2009-4906NONECVSS 0.0EG 0.02010-06-25
Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
- CVE-2009-4907NONECVSS 0.0EG 0.02010-06-25
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility…
- CVE-2009-4942NONECVSS 0.0EG 0.02010-07-22
Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items.
- CVE-2009-4981NONECVSS 0.0EG 0.02010-08-25
Multiple cross-site request forgery (CSRF) vulnerabilities in Photokorn Gallery 1.81 allow remote attackers to hijack the authentication of administrators.
- CVE-2010-0153NONECVSS 0.0EG 0.02010-09-14
Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authen…
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →