CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,375 vulnerabilities with CWE-352
CVE-2020-13186
MEDIUM
Teradici Cloud Access Connector <31 - CSRF
CVSS 6.5
CVE-2020-10734
LOW
Keycloak - Cross-Site Request Forgery in OIDC Logout Endpoint
CVSS 3.3
CVE-2020-28644
MEDIUM
owncloud < 10.6.0 - Cross-Site Request Forgery in OCS API Endpoints
CVSS 4.3
CVE-2020-35943
MEDIUM
NextGEN Gallery < 3.5.0 - Cross-Site Request Forgery via Missing Nonce Parameter
CVSS 6.5
CVE-2020-35942
HIGH
NextGEN Gallery < 3.5.0 - Cross-Site Request Forgery via Missing Nonce Parameter
CVSS 8.8
CVE-2020-13460
HIGH
Tufin SecureTrack < R20-2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-4827
MEDIUM
IBM API Connect 10.0.0.0-10.0.1.0 and 2018.4.1.0-2018.4.1.13 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-4826
MEDIUM
IBM API Connect 10.0.0.0-10.0.1.0 and 2018.4.1.0-2018.4.1.13 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-9388
MEDIUM
SquaredUp < 4.6.0 - Cross-Site Request Forgery via Dashboard Tile or SVG Upload
CVSS 6.5
CVE-2020-24271
HIGH
EasyCMS 1.6 - Cross-Site Request Forgery via Admin User Creation Endpoint
CVSS 8.8
CVE-2020-29004
HIGH
MediaWiki < 1.35 - Cross-Site Request Forgery via Push Extension API
CVSS 8.8
CVE-2020-28403
HIGH
Star Practice Management Web 2019.2.0.6 - Cross-Site Request Forgery
CVSS 8.0
CVE-2020-13569
HIGH
OpenEMR 5.0.2 and 6.0.0 - Cross-Site Request Forgery in GACL Functionality
CVSS 8.8
CVE-2020-35239
HIGH
CakePHP 4.0.0-4.1.3 - Cross-Site Request Forgery Bypass via Method Override Parameter
CVSS 8.8
CVE-2020-12511
HIGH
Pepperl+Fuchs Comtrol IO-Link Master <1.5.48 - CSRF
CVSS 8.8
CVE-2020-28452
MEDIUM
akka-http-session < 0.6.1 - Cross-Site Request Forgery Protection Bypass via X-XSRF-TOKEN Header
CVSS 6.3
CVE-2020-35217
HIGH
Vert.x-Web 4.0.0-milestone1-4.0.0-milestone4 - Cross-Site Request Forgery via Incorrect Token Verification
CVSS 8.8
CVE-2020-23342
HIGH
Anchor CMS 0.12.7 - Cross-Site Request Forgery in User Edit Function
CVSS 8.8
CVE-2020-23522
MEDIUM
Pixelimity 1.0 - Cross-Site Request Forgery via Admin Setting Password Parameter
CVSS 6.8
CVE-2020-6776
HIGH
Bosch PRAESIDEO <= 4.41 and PRAESENSA <= 1.10 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2020-35687
MEDIUM
PHPFusion 9.03.90 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-36191
MEDIUM
JupyterHub 1.1.0 - Cross-Site Request Forgery via Missing _xsrf Field
CVSS 4.5
CVE-2020-23631
MEDIUM
WDJA CMS 1.5 - Cross-Site Request Forgery and Cross-Site Scripting via tongji Parameter
CVSS 6.1
CVE-2020-23960
HIGH
Fork CMS < 5.8.3 - Cross-Site Request Forgery in Admin Console
CVSS 8.8
CVE-2020-35722
MEDIUM
Quest Policy Authority for Unified Communications 8.1.2.200 - Cross-Site Request Forgery via submitUser.jsp
CVSS 6.5
Details
Vulnerabilities
9,375
Exploit Likelihood
Medium