CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2020-7534 HIGH
Schneider Electric Modicon M340 BMXP342020 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-29292 MEDIUM
iBall WRD12EN 1.0.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-21236 HIGH
DamiCMS v6.0 - Cross-Site Request Forgery in Article Edit Endpoint
CVSS 8.8
CVE-2020-20945 HIGH
Qibosoft v7 - Cross-Site Request Forgery in Admin Member Edit Endpoint
CVSS 8.8
CVE-2020-20943 MEDIUM
Qibosoft v7 - Cross-Site Request Forgery in Post Article Endpoint
CVSS 4.3
CVE-2020-20595 MEDIUM
OPMS <= 1.3 - Cross-Site Request Forgery via User Add Endpoint
CVSS 6.5
CVE-2020-20593 HIGH
Rockoa 1.9.8 - Authenticated Administrator Account Creation via CSRF
CVSS 8.0
CVE-2020-19682 HIGH
zzzcms V1.7.1 - Cross-Site Request Forgery via save_user Function
CVSS 8.8
CVE-2020-21141 HIGH
iCMS 7.0.15 - Cross-Site Request Forgery via Admin Member Addition
CVSS 8.8
CVE-2020-28137 MEDIUM
Genexis Platinum 4410 V2-1.28 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-21139 MEDIUM
EC Cloud E-Commerce System 1.3 - Cross-Site Request Forgery via Admin Account Addition
CVSS 6.5
CVE-2020-23686 HIGH
AyaCMS 3.1.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-36505 MEDIUM
Delete All Comments Easily < 1.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-36504 MEDIUM
WP-Pro-Quiz < 0.37 - Cross-Site Request Forgery via Quiz Deletion
CVSS 6.5
CVE-2020-19964 MEDIUM
PHPMyWind 5.6 - Unauthenticated Cross-Site Request Forgery
CVSS 6.5
CVE-2020-21658 MEDIUM
wdja_cms 1.5.2 - Cross-Site Request Forgery via Administrator Account Addition
CVSS 6.5
CVE-2020-21386 HIGH
Maccms 10 - Cross-Site Request Forgery in admin.php/admin/type/info.html
CVSS 8.8
CVE-2020-20693 HIGH
GilaCMS 1.11.4 - Authenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2020-20514 HIGH
Maccms v10 - Authenticated Cross-Site Request Forgery via admin.php/admin/admin/del/ids Endpoint
CVSS 8.1
CVE-2020-19951 HIGH
YzmCMS v5.5 - Cross-Site Request Forgery in Pay Controller
CVSS 8.8
CVE-2020-21321 MEDIUM
emlog v6.0 - Cross-Site Request Forgery via /admin/link.php?action=addlink
CVSS 4.3
CVE-2020-21126 HIGH
MetInfo 7.0.0 - Cross-Site Request Forgery via admin/?n=admin&c=index&a=doSaveInfo
CVSS 8.8
CVE-2020-19159 HIGH
LaikeTui v3 - Cross-Site Request Forgery via Member Add Endpoint
CVSS 8.8
CVE-2020-21081 MEDIUM
Maccms 8.0 - Cross-Site Request Forgery via Crafted URL
CVSS 6.5
CVE-2020-20671 HIGH
kitecms V1.1 - Cross-Site Request Forgery
CVSS 8.8