CWE-352— Cross-Site Request Forgery (CSRF)
8,629 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 6 of 173
- CVE-2010-0289NONECVSS 0.0EG 0.02010-02-15
Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify acces…
- CVE-2010-0540NONECVSS 0.0EG 0.02010-06-17
Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administ…
- CVE-2010-0637NONECVSS 0.0EG 0.02010-02-12
Multiple cross-site request forgery (CSRF) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to hijack the authentication of administrators for requests that (1) delete an event or (2) ban an IP …
- CVE-2010-0638NONECVSS 0.0EG 0.02010-02-15
Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of …
- CVE-2010-0707NONECVSS 0.0EG 0.02010-02-25
Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of …
- CVE-2010-0709NONECVSS 0.0EG 0.02010-02-25
Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.…
- CVE-2010-0711NONECVSS 0.0EG 0.02010-02-25
Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users …
- CVE-2010-0713NONECVSS 0.0EG 0.02010-02-26
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/Zen…
- CVE-2010-0785NONECVSS 0.0EG 0.02010-11-09
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims…
- CVE-2010-0921NONECVSS 0.0EG 0.02010-03-03
Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack …
- CVE-2010-0992NONECVSS 0.0EG 0.02010-04-09
Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse CMS Basic 1.2.2 and 1.2.3, and possibly Pulse Pro before 1.3.2, allow remote attackers to hijack the authentication of users for requests that (1) upload image files, (2) …
- CVE-2010-1037NONECVSS 0.0EG 0.02010-04-28
Cross-site request forgery (CSRF) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2010-1150NONECVSS 0.0EG 0.02010-04-20
MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a vic…
- CVE-2010-1325NONECVSS 0.0EG 0.02010-09-03
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via ve…
- CVE-2010-1542NONECVSS 0.0EG 0.02010-04-26
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/configure.php in DFD Cart 1.198, 1.197, and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scriptin…
- CVE-2010-1547NONECVSS 0.0EG 0.02010-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a page …
- CVE-2010-1610NONECVSS 0.0EG 0.02010-04-29
Cross-site request forgery (CSRF) vulnerability in index.php in OpenCart 1.4 allows remote attackers to hijack the authentication of an application administrator for requests that create an administrative account via a POST request with th…
- CVE-2010-1611NONECVSS 0.0EG 0.02010-04-29
Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.
- CVE-2010-1648NONECVSS 0.0EG 0.02010-06-08
Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) r…
- CVE-2010-1668NONECVSS 0.0EG 0.02010-07-06
Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2010-1732NONECVSS 0.0EG 0.02010-05-06
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email addres…
- CVE-2010-1767NONECVSS 0.0EG 0.02010-09-24
Cross-site request forgery (CSRF) vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified vi…
- CVE-2010-1968NONECVSS 0.0EG 0.02010-07-15
Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-201…
- CVE-2010-1971NONECVSS 0.0EG 0.02010-07-15
Cross-site request forgery (CSRF) vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-201…
- CVE-2010-2007NONECVSS 0.0EG 0.02010-05-20
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrM…
- CVE-2010-2025NONECVSS 0.0EG 0.02010-05-26
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administra…
- CVE-2010-2039NONECVSS 0.0EG 0.02010-05-25
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to i…
- CVE-2010-2111NONECVSS 0.0EG 0.02010-05-28
Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin act…
- CVE-2010-2113NONECVSS 0.0EG 0.02010-05-28
Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpse…
- CVE-2010-2114NONECVSS 0.0EG 0.02010-05-28
Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean.
- CVE-2010-2151NONECVSS 0.0EG 0.02010-06-03
Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown …
- CVE-2010-2231NONECVSS 0.0EG 0.02010-06-28
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delet…
- CVE-2010-2234NONECVSS 0.0EG 0.02010-08-19
Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
- CVE-2010-2268NONECVSS 0.0EG 0.02010-06-15
Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to hijack the authentication of administrators for requests that create user accounts.
- CVE-2010-2282NONECVSS 0.0EG 0.02010-06-15
Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password.
- CVE-2010-2294NONECVSS 0.0EG 0.02010-06-15
Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and possibly earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.
- CVE-2010-2345NONECVSS 0.0EG 0.02010-06-21
Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password, and other unspecified request…
- CVE-2010-2594NONECVSS 0.0EG 0.02010-07-02
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and…
- CVE-2010-3024NONECVSS 0.0EG 0.02010-08-16
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administ…
- CVE-2010-3026NONECVSS 0.0EG 0.02010-08-16
Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests t…
- CVE-2010-3030NONECVSS 0.0EG 0.02010-08-17
Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the …
- CVE-2010-3213NONECVSS 0.0EG 0.02010-09-07
Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated …
- CVE-2010-3271NONECVSS 0.0EG 0.02011-07-18
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication …
- CVE-2010-3288NONECVSS 0.0EG 0.02010-10-23
Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2010-3305HIGHCVSS 8.8EG 8.82019-11-12
Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.
- CVE-2010-3449NONECVSS 0.0EG 0.02010-12-06
Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1; and Apache Continuum 1.3.6, 1.4.0, and 1.1 through 1.2.3.1; …
- CVE-2010-3464NONECVSS 0.0EG 0.02010-09-17
Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding adminis…
- CVE-2010-3603NONECVSS 0.0EG 0.02010-09-24
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbit…
- CVE-2010-3694NONECVSS 0.0EG 0.02010-11-09
Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
- CVE-2010-3878NONECVSS 0.0EG 0.02010-12-30
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for r…
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →