CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it; the request could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2020-19280 HIGH
Jeesns 1.4.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-19268 MEDIUM
Dswjcms 1.6.4 - Authenticated Cross-Site Request Forgery in User/tfAdd
CVSS 5.7
CVE-2020-19264 MEDIUM
MipCMS 5.0.1 - Cross-Site Request Forgery via User Addition Endpoint
CVSS 6.5
CVE-2020-19263 HIGH
MipCMS 5.0.1 - Cross-Site Request Forgery via User Privilege Escalation Endpoint
CVSS 8.8
CVE-2020-20343 MEDIUM
WTCMS 1.0 - Cross-Site Request Forgery in Admin Article Addition
CVSS 6.5
CVE-2020-19047 HIGH
iwebshop v5.3 - Cross-Site Request Forgery via Admin Edit POST Request
CVSS 8.8
CVE-2020-18124 MEDIUM
Indexhibit 2.1.5 - Cross-Site Request Forgery
CVSS 5.7
CVE-2020-18123 MEDIUM
Indexhibit 2.1.5 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-18917 HIGH
dedecms 5.7 SP2 - Remote Code Execution via typename Parameter
CVSS 8.8
CVE-2020-24130 HIGH
Ponzu 0.11.0 - Cross-Site Request Forgery in Configure Component
CVSS 8.1
CVE-2020-20642 HIGH
EyouCMS 1.3.6 - Cross-Site Request Forgery via Filemanager Newfile Endpoint
CVSS 8.8
CVE-2020-19669 HIGH
Eyoucms 1.3.6 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2020-28846 MEDIUM
SeaCMS 10.7 - Cross-Site Request Forgery in admin_manager.php
CVSS 6.5
CVE-2020-4992 MEDIUM
IBM DataPower Gateway 2018.4.1.0-2018.4.1.16 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-22403 HIGH
express-cart < 1.1.17 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-20989 MEDIUM
Domainmod 4.13 - Cross-Site Request Forgery in Admin Maintenance Log Deletion
CVSS 4.3
CVE-2020-18464 LOW
AikCms 2.0.0 - Cross-Site Request Forgery in video_list.php
CVSS 3.5
CVE-2020-18463 LOW
aikcms 2.0.0 - Cross-Site Request Forgery in video_list.php
CVSS 2.4
CVE-2020-18460 HIGH
711cms v1.0.7 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2020-18458 HIGH
DamiCMS 6.0.6 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.0
CVE-2020-18457 MEDIUM
bycms 1.3.0 - Cross-Site Request Forgery via Admin Account Addition
CVSS 6.8
CVE-2020-18454 MEDIUM
bycms v1.3 - Cross-Site Request Forgery via admin.php/systems/index/module_id/70/group_id/1.html
CVSS 6.8
CVE-2020-25562 MEDIUM
SapphireIMS 5.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-21358 MEDIUM
Wage-CMS 1.5.x-dev - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-18694 HIGH
IgnitedCMS v1.0 - Cross-Site Request Forgery in Profile Save Endpoint
CVSS 8.8