| CAPEC | Related Weakness |
| Cross Site Request Forgery |
| CWE-306 | Missing Authentication for Critical Function |
| CWE-352 | Cross-Site Request Forgery (CSRF) |
| CWE-664 | Improper Control of a Resource Through its Lifetime |
| CWE-716 | OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF) |
| CWE-732 | Incorrect Permission Assignment for Critical Resource |
|
| Choosing Message Identifier |
| CWE-201 | Exposure of Sensitive Information Through Sent Data |
| CWE-306 | Missing Authentication for Critical Function |
|
| Using Unpublished APIs |
| CWE-306 | Missing Authentication for Critical Function |
| CWE-693 | Protection Mechanism Failure |
| CWE-695 | Use of Low-Level Functionality |
|
| Force the System to Reset Values |
| CWE-306 | Missing Authentication for Critical Function |
|
