CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,374 vulnerabilities with CWE-352
CVE-2020-18964 HIGH
ForestBlog - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-23376 MEDIUM
NoneCMS 1.3 - Cross-Site Request Forgery in Navigation Column Addition
CVSS 6.1
CVE-2020-19199 HIGH
PHPOK 5.2.060 - Cross-Site Request Forgery via admin.php
CVSS 8.8
CVE-2020-23264 HIGH
fork-cms < 5.8.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-18889 MEDIUM
puppyCMS 5.1 - Cross-Site Request Forgery via Admin Settings
CVSS 6.5
CVE-2020-23127 HIGH
Chamilo LMS 1.11.10 - Cross-Site Request Forgery via edit_user Function
CVSS 8.8
CVE-2020-36334 HIGH
themegrill_demo_importer < 1.6.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-22000 HIGH
HomeAutomation 3.3.2 - Authenticated OS Command Injection via Custom Command Plugin
CVSS 8.0
CVE-2020-21989 HIGH
HomeAutomation 3.3.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-21884 HIGH
UniBox U50/U500/U1000/U2500/U5000 Firmware 2.4 - Cross-Site Request Forgery in Network Trace and User Listing Endpoints
CVSS 8.8
CVE-2020-23426 CRITICAL
zzcms <201910 - Privilege Escalation
CVSS 9.8
CVE-2020-19639 HIGH
INSMA Wifi Mini Spy 1080P HD Security IP Camera Firmware 1.9.7 B - Cross-Site Request Forgery via WebUI
CVSS 8.8
CVE-2020-36283 CRITICAL
HID OMNIKEY 5427 and 5127 Firmware - Cross-Site Request Forgery via EEM Driver
CVSS 9.6
CVE-2020-29553 HIGH
Grav CMS < 1.7.0-rc.17 - Cross-Site Request Forgery in Scheduler
CVSS 8.8
CVE-2020-24982 MEDIUM
Quadbase ExpressDashboard 7 Update 9 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-24984 HIGH
Quadbase EspressReports ES 7 Update 9 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-24983 HIGH
Quadbase EspressReports ES 7 Update 9 - Unauthenticated Cross-Site Request Forgery via DashboardBuilder
CVSS 8.8
CVE-2020-14989 MEDIUM
Bloomreach Experience Manager <14.2.2 - CSRF
CVSS 6.5
CVE-2020-35223 HIGH
NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 - Cross-Site Request Forgery via CSRF Token Omission
CVSS 8.8
CVE-2020-28705 MEDIUM
FUEL CMS 1.4.13 - Cross-Site Request Forgery via Page Deletion Endpoint
CVSS 4.3
CVE-2020-27574 HIGH
Maxum Rumpus 8.2.13 and 8.2.14 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-29030 HIGH
Secomea GateManager < 9.4.621054022 - Cross-Site Request Forgery in Web GUI
CVSS 8.1
CVE-2020-27997 HIGH
SmartStoreNET < 4.1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-36247 HIGH
Open OnDemand < 1.5.7 and 1.6.x < 1.6.22 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-13186 MEDIUM
Teradici Cloud Access Connector <31 - CSRF
CVSS 6.5