CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent it, so the request could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2020-22761 HIGH
FlatPress 1.1 - Cross-Site Request Forgery via DeleteFile Function
CVSS 8.8
CVE-2020-18157 HIGH
MetInfo 6.1.3 - Cross-Site Request Forgery via doaddsave Action
CVSS 8.8
CVE-2020-15660 HIGH
geckodriver < 0.27.0 - Cross-Site Request Forgery via Missing Content-Type Header Check
CVSS 8.8
CVE-2020-4675 MEDIUM
IBM InfoSphere Master Data Management Server 11.6 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-18151 MEDIUM
ThinkCMF < 6.0.8 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-27379 MEDIUM
Booking Core - Ultimate Booking System 1.7.0 - CSRF
CVSS 6.5
CVE-2020-4938 HIGH
IBM MQ Appliance 9.1-9.1.0.7 and 9.2-9.2.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-20586 MEDIUM
XYHCMS V3.6 - Cross-Site Request Forgery in /xyhai.php Auth/editUser Endpoint
CVSS 4.5
CVE-2020-18648 HIGH
juqingcms v1.0 - Cross-Site Request Forgery via Administrator Add Endpoint
CVSS 8.8
CVE-2020-20468 MEDIUM
White Shark System 1.3.2 - Cross-Site Request Forgery via user_edit_password.php
CVSS 6.5
CVE-2020-36389 MEDIUM
CiviCRM < 5.28.1 and < 5.27.5 ESR - Cross-Site Request Forgery in CKEditor Configuration Form
CVSS 4.3
CVE-2020-35759 MEDIUM
Bloofoxcms - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-13663 HIGH
Drupal 7.0-7.71 and 8.9.0 - Cross-Site Request Forgery in Form API
CVSS 8.8
CVE-2020-26516 HIGH
Intland codeBeamer ALM <10.1.SP4 - CSRF
CVSS 8.8
CVE-2020-18265 HIGH
simple-log v1.6 - Cross-Site Request Forgery via admin.php act_add_member
CVSS 8.8
CVE-2020-18264 HIGH
simple-log 1.6 - Cross-Site Request Forgery via admin.php act_edit_member
CVSS 8.8
CVE-2020-36140 MEDIUM
Bloofoxcms - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-35972 MEDIUM
YzmCMS V5.8 - Cross-Site Request Forgery via Member User Account Addition
CVSS 4.3
CVE-2020-10771 HIGH
Infinispan 10 - Cross-Site Request Forgery via GET Requests
CVSS 7.1
CVE-2020-26641 HIGH
iCMS 7.0.16 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-25411 MEDIUM
Projectworlds Online Examination System 1.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-25408 MEDIUM
ProjectWorlds College Management System Php 1.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-24740 MEDIUM
Pluck 4.7.10-dev2 - Cross-Site Request Forgery via Edit Page Action
CVSS 4.3
CVE-2020-18198 HIGH
Pluck CMS 4.7.9 - Cross-Site Request Forgery via Image Management Endpoint
CVSS 8.8
CVE-2020-18195 HIGH
Pluck CMS 4.7.9 - Cross-Site Request Forgery via Admin Page Action
CVSS 8.8