CWE-352 - Cross-Site Request Forgery (CSRF)

Description

Cross-site request forgery (CSRF) is a weakness within a web application which is caused by insufficient or absent verification of the HTTP request origin. Webservers are usually designed to accept all requests and respond to them. If a client sends several HTTP requests within one or several sessions, it is impossible for a webserver to know whether all the requests were intentional, and they are treated as such. An attacker might be able to force a user to visit a specially crafted webpage and perform state changing requests like transferring funds, changing their email address, and so on and so forth.
Having gained the access to any data, attackers can carry out all the actions allowed only for valid users and even to cause the system problems by destructing or stealing data, uninstalling the product, or using it to make other attacks.
The weakness is introduced during Architecure and Design stage.

Latest vulnerabilities for CWE-352

Multiple vulnerabilities in IBM MobileFirst Platform Foundation 2024-04-24
High Yes

CSRF in HPE OfficeConnect 1820 Network switches 2024-04-23
Low Yes

Multiple vulnerabilities in IBM QRadar Deployment Intelligence App 2024-04-10
Medium Yes

Cross-site request forgery in Ninja Forms plugin for WordPress 2024-04-08
Low Yes

Multiple vulnerabilities in Cisco Emergency Responder 2024-04-04
Low Yes

Multiple vulnerabilities in Cisco Identity Services Engine 2024-04-04
Low Yes

Cross-site request forgery in Cisco Nexus Dashboard and Nexus Dashboard Hosted Services 2024-04-04
Low Yes

Multiple vulnerabilities in Emergency Ambulance Hiring Portal 2024-04-03
Low No

Multiple vulnerabilities in Netcool Operations Insight 2024-04-03
High Yes

Multiple vulnerabilities in TvRock 2024-03-25
Medium No

References

Description of CWE-352 on Mitre website