CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2021-1257 HIGH
Cisco Catalyst Center - Cross-Site Request Forgery
CVSS 8.8
CVE-2021-3133 MEDIUM
Elementor Contact Form DB < 1.6 - Cross-Site Request Forgery via Backend Admin Pages
CVSS 6.5
CVE-2021-21241 HIGH
Flask-Security-Too 3.3.0-3.4.5 - Cross-Site Request Forgery via Unprotected GET Requests
CVSS 7.4
CVE-2021-21495 HIGH
mk-auth < 19.01 - Cross-Site Request Forgery via Password Change Endpoint
CVSS 8.8
CVE-2020-37241 MEDIUM
bloofoxCMS 0.5.2.1 - Cross-Site Request Forgery via user add
CVSS 5.3
CVE-2020-37217 MEDIUM
Easy2Pilot 7 - Cross-Site Request Forgery via admin.php
CVSS 4.3
CVE-2020-37158 MEDIUM
AVideo Platform 8.1 - Cross-Site Request Forgery via Password Recovery Mechanism
CVSS 5.3
CVE-2020-37106 MEDIUM
Business Live Chat Software 1.0 - CSRF
CVSS 5.3
CVE-2020-37079 MEDIUM
Wing FTP Server < 6.2.7 - Cross-Site Request Forgery in Web Administration Interface
CVSS 4.3
CVE-2020-37149 HIGH
Edimax EW-7438RPn-v3 Mini 1.27 - CSRF
CVSS 8.1
CVE-2020-37145 MEDIUM
HRSALE 1.1.8 - Cross-Site Request Forgery via Employee Registration Form
CVSS 4.3
CVE-2020-37144 MEDIUM
Exagate Sysguard 6001 - Cross-Site Request Forgery via /kulyon.php Admin Account Creation
CVSS 5.3
CVE-2020-37118 LOW
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
CVSS 3.5
CVE-2020-37096 MEDIUM
Edimax EW-7438RPn 1.13 - Cross-Site Request Forgery in MAC Filtering Configuration
CVSS 5.3
CVE-2020-37091 MEDIUM
Maian Support Helpdesk 4.3 - Unauthenticated Cross-Site Request Forgery to Add Admin
CVSS 5.3
CVE-2020-37054 MEDIUM
Navigate CMS 2.8.7 - Cross-Site Request Forgery via Extension Upload
CVSS 4.3
CVE-2020-37046 MEDIUM
Sistem Informasi Pengumuman Kelulusan Online 1.0 - CSRF
CVSS 5.3
CVE-2020-37026 MEDIUM
Sickbeard alpha - Cross-Site Request Forgery via Crafted Configuration Parameters
CVSS 5.3
CVE-2020-37007 MEDIUM
Liman 0.7 - Cross-Site Request Forgery
CVSS 5.3
CVE-2020-36918 MEDIUM
iDS6 DSSPro Digital Signage System 6.2 - CSRF
CVSS 4.3
CVE-2020-36908 MEDIUM
SnapGear Management Console SG560 3.1.5 - CSRF
CVSS 5.3
CVE-2020-36906 MEDIUM
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
CVSS 4.3
CVE-2020-36901 HIGH
UBICOD Medivision Digital Signage 1.5.1 - CSRF
CVSS 8.8
CVE-2020-36900 HIGH
All-Dynamics Digital Signage System 2.0.2 - CSRF
CVSS 8.8
CVE-2020-36886 HIGH
SpinetiX Fusion Digital Signage 3.4.8 - CSRF
CVSS 8.8