CWE-352
Medium likelihood
Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,374 vulnerabilities with CWE-352
CVE-2020-22761
HIGH
FlatPress 1.1 - Cross-Site Request Forgery via DeleteFile Function
CVSS 8.8
CVE-2020-18157
HIGH
MetInfo 6.1.3 - Cross-Site Request Forgery via doaddsave Action
CVSS 8.8
CVE-2020-15660
HIGH
geckodriver < 0.27.0 - Cross-Site Request Forgery via Missing Content-Type Header Check
CVSS 8.8
CVE-2020-4675
MEDIUM
IBM InfoSphere Master Data Management Server 11.6 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-18151
MEDIUM
ThinkCMF < 6.0.8 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-27379
MEDIUM
Booking Core - Ultimate Booking System 1.7.0 - CSRF
CVSS 6.5
CVE-2020-4938
HIGH
IBM MQ Appliance 9.1-9.1.0.7 and 9.2-9.2.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-20586
MEDIUM
XYHCMS V3.6 - Cross-Site Request Forgery in /xyhai.php Auth/editUser Endpoint
CVSS 4.5
CVE-2020-18648
HIGH
juqingcms v1.0 - Cross-Site Request Forgery via Administrator Add Endpoint
CVSS 8.8
CVE-2020-20468
MEDIUM
White Shark System 1.3.2 - Cross-Site Request Forgery via user_edit_password.php
CVSS 6.5
CVE-2020-36389
MEDIUM
CiviCRM < 5.28.1 and < 5.27.5 ESR - Cross-Site Request Forgery in CKEditor Configuration Form
CVSS 4.3
CVE-2020-35759
MEDIUM
Bloofoxcms - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-13663
HIGH
Drupal 7.0-7.71 and 8.9.0 - Cross-Site Request Forgery in Form API
CVSS 8.8
CVE-2020-26516
HIGH
Intland codeBeamer ALM <10.1.SP4 - CSRF
CVSS 8.8
CVE-2020-18265
HIGH
simple-log v1.6 - Cross-Site Request Forgery via admin.php act_add_member
CVSS 8.8
CVE-2020-18264
HIGH
simple-log 1.6 - Cross-Site Request Forgery via admin.php act_edit_member
CVSS 8.8
CVE-2020-36140
MEDIUM
Bloofoxcms - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-35972
MEDIUM
YzmCMS V5.8 - Cross-Site Request Forgery via Member User Account Addition
CVSS 4.3
CVE-2020-10771
HIGH
Infinispan 10 - Cross-Site Request Forgery via GET Requests
CVSS 7.1
CVE-2020-26641
HIGH
iCMS 7.0.16 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-25411
MEDIUM
Projectworlds Online Examination System 1.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-25408
MEDIUM
ProjectWorlds College Management System Php 1.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-24740
MEDIUM
Pluck 4.7.10-dev2 - Cross-Site Request Forgery via Edit Page Action
CVSS 4.3
CVE-2020-18198
HIGH
Pluck CMS 4.7.9 - Cross-Site Request Forgery via Image Management Endpoint
CVSS 8.8
CVE-2020-18195
HIGH
Pluck CMS 4.7.9 - Cross-Site Request Forgery via Admin Page Action
CVSS 8.8
Details
Vulnerabilities: 9,374
Exploit Likelihood: Medium