CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2020-19278 HIGH
mm-wiki 0.1.2 - Cross-Site Request Forgery via system/user/save Parameter
CVSS 8.8
CVE-2020-36669 HIGH
JetBackup - WP Backup <1.3.9 - CSRF
CVSS 8.8
CVE-2020-36633 MEDIUM
moodle-block_sitenews < 1.1 - Cross-Site Request Forgery in get_content Function
CVSS 4.3
CVE-2020-28191 HIGH
togglz < 2.9.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-36625 MEDIUM
destiny chat - Cross-Site Request Forgery via WebSocket Upgrader
CVSS 4.3
CVE-2020-36623 MEDIUM
pengu < 2020-11-02 - Cross-Site Request Forgery in runApp Function
CVSS 4.3
CVE-2020-36622 MEDIUM
bienlein < 2020-09-28 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-23592 HIGH
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Cross-Site Request Forgery via mgm_dev_reset.asp
CVSS 8.8
CVE-2020-23590 MEDIUM
Optilink OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Cross-Site Request Forgery via wlwpa.asp
CVSS 6.5
CVE-2020-23589 MEDIUM
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Denial of Service via CSRF to Reboot Endpoint
CVSS 6.5
CVE-2020-23588 MEDIUM
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Cross-Site Request Forgery via rmtacc.asp
CVSS 4.3
CVE-2020-23587 LOW
OPTILINK OP-XT71000N V2.2 OP_V3.3.1-191028 CSRF via Routing Config
CVSS 3.1
CVE-2020-23586 MEDIUM
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Cross-Site Request Forgery
CVSS 4.3
CVE-2020-23593 MEDIUM
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Cross-Site Request Forgery via mgm_log_cfg.asp
CVSS 6.5
CVE-2020-23585 HIGH
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Cross-Site Request Forgery via mgm_config_file.asp
CVSS 8.8
CVE-2020-23582 MEDIUM
optilink OP-XT71000N V2.2 - Unauthenticated Cross-Site Request Forgery via wlmultipleap.asp
CVSS 6.5
CVE-2020-8976 CRITICAL
ZGR TPS200 NG Firmware 2.00 - Cross-Site Request Forgery
CVSS 9.6
CVE-2020-35675 HIGH
BigProf Online Invoicing System < 3.0 - Cross-Site Request Forgery in Admin Transfer Ownership
CVSS 8.8
CVE-2020-4301 MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, 11.2.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-36534 MEDIUM
easyiicms - Cross-Site Request Forgery in /admin/sign/out
CVSS 4.3
CVE-2020-20971 HIGH
PbootCMS 2.0.3 - Cross-Site Request Forgery via User Index Endpoint
CVSS 8.8
CVE-2020-4668 HIGH
IBM Sterling B2B Integrator 6.0.0.0-6.0.3.5 and 6.1.0.0-6.1.1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-18326 HIGH
Intelliants Subrion CMS v4.2.1 - Unauthenticated Cross-Site Request Forgery via Members Administrator Function
CVSS 8.8
CVE-2020-13674 MEDIUM
Drupal 8.9.0-8.9.18 - Cross-Site Request Forgery in QuickEdit Module
CVSS 6.5
CVE-2020-13673 MEDIUM
Drupal Entity Embed - Cross-Site Request Forgery
CVSS 6.1