CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,374 vulnerabilities with CWE-352
CVE-2020-19278
HIGH
mm-wiki 0.1.2 - Cross-Site Request Forgery via system/user/save Parameter
CVSS 8.8
CVE-2020-36669
HIGH
JetBackup - WP Backup <1.3.9 - CSRF
CVSS 8.8
CVE-2020-36633
MEDIUM
moodle-block_sitenews < 1.1 - Cross-Site Request Forgery in get_content Function
CVSS 4.3
CVE-2020-28191
HIGH
togglz < 2.9.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-36625
MEDIUM
destiny chat - Cross-Site Request Forgery via WebSocket Upgrader
CVSS 4.3
CVE-2020-36623
MEDIUM
pengu < 2020-11-02 - Cross-Site Request Forgery in runApp Function
CVSS 4.3
CVE-2020-36622
MEDIUM
bienlein < 2020-09-28 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-23592
HIGH
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Cross-Site Request Forgery via mgm_dev_reset.asp
CVSS 8.8
CVE-2020-23590
MEDIUM
Optilink OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Cross-Site Request Forgery via wlwpa.asp
CVSS 6.5
CVE-2020-23589
MEDIUM
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Denial of Service via CSRF to Reboot Endpoint
CVSS 6.5
CVE-2020-23588
MEDIUM
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Cross-Site Request Forgery via rmtacc.asp
CVSS 4.3
CVE-2020-23587
LOW
OPTILINK OP-XT71000N V2.2 OP_V3.3.1-191028 CSRF via Routing Config
CVSS 3.1
CVE-2020-23586
MEDIUM
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Cross-Site Request Forgery
CVSS 4.3
CVE-2020-23593
MEDIUM
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Unauthenticated Cross-Site Request Forgery via mgm_log_cfg.asp
CVSS 6.5
CVE-2020-23585
HIGH
OPTILINK OP-XT71000N V2.2 Firmware OP_V3.3.1-191028 - Cross-Site Request Forgery via mgm_config_file.asp
CVSS 8.8
CVE-2020-23582
MEDIUM
optilink OP-XT71000N V2.2 - Unauthenticated Cross-Site Request Forgery via wlmultipleap.asp
CVSS 6.5
CVE-2020-8976
CRITICAL
ZGR TPS200 NG Firmware 2.00 - Cross-Site Request Forgery
CVSS 9.6
CVE-2020-35675
HIGH
BigProf Online Invoicing System < 3.0 - Cross-Site Request Forgery in Admin Transfer Ownership
CVSS 8.8
CVE-2020-4301
MEDIUM
IBM Cognos Analytics 11.1.7, 11.2.0, 11.2.1 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-36534
MEDIUM
easyiicms - Cross-Site Request Forgery in /admin/sign/out
CVSS 4.3
CVE-2020-20971
HIGH
PbootCMS 2.0.3 - Cross-Site Request Forgery via User Index Endpoint
CVSS 8.8
CVE-2020-4668
HIGH
IBM Sterling B2B Integrator 6.0.0.0-6.0.3.5 and 6.1.0.0-6.1.1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-18326
HIGH
Intelliants Subrion CMS v4.2.1 - Unauthenticated Cross-Site Request Forgery via Members Administrator Function
CVSS 8.8
CVE-2020-13674
MEDIUM
Drupal 8.9.0-8.9.18 - Cross-Site Request Forgery in QuickEdit Module
CVSS 6.5
CVE-2020-13673
MEDIUM
Drupal Entity Embed - Cross-Site Request Forgery
CVSS 6.1
Details
Vulnerabilities
9,374
Exploit Likelihood
Medium