CWE-352 – Cross-Site Request Forgery (CSRF) | Common Weakness Enumeration（CWE）

概要

CWE-352（Cross-Site Request Forgery (CSRF)）は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響: セキュリティ影響：製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

適用プラットフォーム

種別	名称	クラス	普遍性	OS / CPE
language	—	Not Language-Specific	Undetermined	—
technology	—	Web Based	Undetermined	—
technology	Web Server	—	Undetermined	—

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE	公開	概要
CVE-2026-9719	2026-06-06	The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing…
CVE-2026-7047	2026-06-06	The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funp_a…
CVE-2026-11270	2026-06-05	Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-11265	2026-06-05	Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-11214	2026-06-04	Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: …
CVE-2026-11200	2026-06-04	Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11195	2026-06-04	Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted H…
CVE-2026-11194	2026-06-04	Inappropriate implementation in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11156	2026-06-04	Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11155	2026-06-04	Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11148	2026-06-04	Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Med…
CVE-2026-11139	2026-06-04	Inappropriate implementation in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11134	2026-06-04	Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11129	2026-06-04	Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11106	2026-06-04	Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-11084	2026-06-04	Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu…
CVE-2026-11083	2026-06-04	Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu…
CVE-2026-43985	2026-06-04	Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose `configUpdate` as a state-changing administrator endpoint, but the route does not enforce…
CVE-2019-25729	2026-06-04	PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter…
CVE-2026-9732	2026-06-03	The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorre…

コンテンツ投稿

名称: PLOVER
日付: 2006-07-19
バージョン: Draft 3

コンテンツの変更履歴

日付	名称	バージョン	重要度	コメント
2008-07-01	Eric Dalci	1.0	—	updated Time_of_Introduction
2008-09-08	CWE Content Team	1.0	—	updated Alternate_Terms, Description, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings
2009-01-12	CWE Content Team	1.2	—	updated Applicable_Platforms, Description, Likelihood_of_Exploit, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships, Research_Gaps, Theoretical_Notes
2009-03-10	CWE Content Team	1.3	—	updated Potential_Mitigations
2009-05-20	Tom Stracener	1.4	—	Added demonstrative example for profile.
2009-05-27	CWE Content Team	1.4	—	updated Demonstrative_Examples, Related_Attack_Patterns
2009-12-28	CWE Content Team	1.7	—	updated Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Observed_Examples, Potential_Mitigations, Time_of_Introduction
2010-02-16	CWE Content Team	1.8	—	updated Applicable_Platforms, Detection_Factors, References, Relationships, Taxonomy_Mappings
2010-06-21	CWE Content Team	1.9	—	updated Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships
2010-09-27	CWE Content Team	1.10	—	updated Potential_Mitigations
2011-03-29	CWE Content Team	1.12	—	updated Description
2011-06-01	CWE Content Team	1.13	—	updated Common_Consequences
2011-06-27	CWE Content Team	2.0	—	updated Relationships
2011-09-13	CWE Content Team	2.1	—	updated Potential_Mitigations, References
2012-05-11	CWE Content Team	2.2	—	updated Related_Attack_Patterns, Relationships
2012-10-30	CWE Content Team	2.3	—	updated Potential_Mitigations
2013-02-21	CWE Content Team	2.4	—	updated Relationships
2013-07-17	CWE Content Team	2.5	—	updated References, Relationships
2014-07-30	CWE Content Team	2.8	—	updated Detection_Factors
2015-12-07	CWE Content Team	2.9	—	updated Relationships
2017-11-08	CWE Content Team	3.0	—	updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships
2018-03-27	CWE Content Team	3.1	—	updated References, Relationship_Notes, Research_Gaps
2019-09-19	CWE Content Team	3.4	—	updated Relationships
2020-02-24	CWE Content Team	4.0	—	updated Relationships
2020-06-25	CWE Content Team	4.1	—	updated Relationships, Theoretical_Notes
2020-08-20	CWE Content Team	4.2	—	updated Relationships
2021-07-20	CWE Content Team	4.5	—	updated Relationships
2021-10-28	CWE Content Team	4.6	—	updated Relationships
2022-06-28	CWE Content Team	4.8	—	updated Relationships
2023-04-27	CWE Content Team	4.11	—	updated References, Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes, Relationships
2024-11-19	CWE Content Team	4.16	—	updated Relationships
2025-04-03	CWE Content Team	4.17	—	updated Alternate_Terms, Common_Consequences, Description, Diagram
2025-09-09	CWE Content Team	4.18	—	updated Detection_Factors, Potential_Mitigations, References
2025-12-11	CWE Content Team	4.19	—	updated Applicable_Platforms, Relationships, Weakness_Ordinalities

貢献

タイプ	名称	日付	コメント
Content	Abhi Balakrishnan	2024-02-29	Contributed usability diagram concepts used by the CWE team.