CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,374 vulnerabilities with CWE-352
CVE-2020-18964
HIGH
ForestBlog - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-23376
MEDIUM
NoneCMS 1.3 - Cross-Site Request Forgery in Navigation Column Addition
CVSS 6.1
CVE-2020-19199
HIGH
PHPOK 5.2.060 - Cross-Site Request Forgery via admin.php
CVSS 8.8
CVE-2020-23264
HIGH
fork-cms < 5.8.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-18889
MEDIUM
puppyCMS 5.1 - Cross-Site Request Forgery via Admin Settings
CVSS 6.5
CVE-2020-23127
HIGH
Chamilo LMS 1.11.10 - Cross-Site Request Forgery via edit_user Function
CVSS 8.8
CVE-2020-36334
HIGH
themegrill_demo_importer < 1.6.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-22000
HIGH
HomeAutomation 3.3.2 - Authenticated OS Command Injection via Custom Command Plugin
CVSS 8.0
CVE-2020-21989
HIGH
HomeAutomation 3.3.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-21884
HIGH
UniBox U50/U500/U1000/U2500/U5000 Firmware 2.4 - Cross-Site Request Forgery in Network Trace and User Listing Endpoints
CVSS 8.8
CVE-2020-23426
CRITICAL
zzcms <201910 - Privilege Escalation
CVSS 9.8
CVE-2020-19639
HIGH
INSMA Wifi Mini Spy 1080P HD Security IP Camera Firmware 1.9.7 B - Cross-Site Request Forgery via WebUI
CVSS 8.8
CVE-2020-36283
CRITICAL
HID OMNIKEY 5427 and 5127 Firmware - Cross-Site Request Forgery via EEM Driver
CVSS 9.6
CVE-2020-29553
HIGH
Grav CMS < 1.7.0-rc.17 - Cross-Site Request Forgery in Scheduler
CVSS 8.8
CVE-2020-24982
MEDIUM
Quadbase ExpressDashboard 7 Update 9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-24984
HIGH
Quadbase EspressReports ES 7 Update 9 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-24983
HIGH
Quadbase EspressReports ES 7 Update 9 - Unauthenticated Cross-Site Request Forgery via DashboardBuilder
CVSS 8.8
CVE-2020-14989
MEDIUM
Bloomreach Experience Manager <14.2.2 - CSRF
CVSS 6.5
CVE-2020-35223
HIGH
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 - Cross-Site Request Forgery via CSRF Token Omission
CVSS 8.8
CVE-2020-28705
MEDIUM
FUEL CMS 1.4.13 - Cross-Site Request Forgery via Page Deletion Endpoint
CVSS 4.3
CVE-2020-27574
HIGH
Maxum Rumpus 8.2.13 and 8.2.14 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-29030
HIGH
Secomea GateManager < 9.4.621054022 - Cross-Site Request Forgery in Web GUI
CVSS 8.1
CVE-2020-27997
HIGH
SmartStoreNET < 4.1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-36247
HIGH
Open OnDemand < 1.5.7 and 1.6.x < 1.6.22 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-13186
MEDIUM
Teradici Cloud Access Connector <31 - CSRF
CVSS 6.5
Details
Vulnerabilities
9,374
Exploit Likelihood
Medium