CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,375 vulnerabilities with CWE-352
CVE-2020-13186 MEDIUM
Teradici Cloud Access Connector <31 - CSRF
CVSS 6.5
CVE-2020-10734 LOW
Keycloak - Cross-Site Request Forgery in OIDC Logout Endpoint
CVSS 3.3
CVE-2020-28644 MEDIUM
owncloud < 10.6.0 - Cross-Site Request Forgery in OCS API Endpoints
CVSS 4.3
CVE-2020-35943 MEDIUM
NextGEN Gallery < 3.5.0 - Cross-Site Request Forgery via Missing Nonce Parameter
CVSS 6.5
CVE-2020-35942 HIGH
NextGEN Gallery < 3.5.0 - Cross-Site Request Forgery via Missing Nonce Parameter
CVSS 8.8
CVE-2020-13460 HIGH
Tufin SecureTrack < R20-2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-4827 MEDIUM
IBM API Connect 10.0.0.0-10.0.1.0 and 2018.4.1.0-2018.4.1.13 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-4826 MEDIUM
IBM API Connect 10.0.0.0-10.0.1.0 and 2018.4.1.0-2018.4.1.13 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-9388 MEDIUM
SquaredUp < 4.6.0 - Cross-Site Request Forgery via Dashboard Tile or SVG Upload
CVSS 6.5
CVE-2020-24271 HIGH
EasyCMS 1.6 - Cross-Site Request Forgery via Admin User Creation Endpoint
CVSS 8.8
CVE-2020-29004 HIGH
MediaWiki < 1.35 - Cross-Site Request Forgery via Push Extension API
CVSS 8.8
CVE-2020-28403 HIGH
Star Practice Management Web 2019.2.0.6 - Cross-Site Request Forgery
CVSS 8.0
CVE-2020-13569 HIGH
OpenEMR 5.0.2 and 6.0.0 - Cross-Site Request Forgery in GACL Functionality
CVSS 8.8
CVE-2020-35239 HIGH
CakePHP 4.0.0-4.1.3 - Cross-Site Request Forgery Bypass via Method Override Parameter
CVSS 8.8
CVE-2020-12511 HIGH
Pepperl+Fuchs Comtrol IO-Link Master <1.5.48 - CSRF
CVSS 8.8
CVE-2020-28452 MEDIUM
akka-http-session < 0.6.1 - Cross-Site Request Forgery Protection Bypass via X-XSRF-TOKEN Header
CVSS 6.3
CVE-2020-35217 HIGH
Vert.x-Web 4.0.0-milestone1-4.0.0-milestone4 - Cross-Site Request Forgery via Incorrect Token Verification
CVSS 8.8
CVE-2020-23342 HIGH
Anchor CMS 0.12.7 - Cross-Site Request Forgery in User Edit Function
CVSS 8.8
CVE-2020-23522 MEDIUM
Pixelimity 1.0 - Cross-Site Request Forgery via Admin Setting Password Parameter
CVSS 6.8
CVE-2020-6776 HIGH
Bosch PRAESIDEO <= 4.41 and PRAESENSA <= 1.10 - Unauthenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2020-35687 MEDIUM
PHPFusion 9.03.90 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-36191 MEDIUM
JupyterHub 1.1.0 - Cross-Site Request Forgery via Missing _xsrf Field
CVSS 4.5
CVE-2020-23631 MEDIUM
WDJA CMS 1.5 - Cross-Site Request Forgery and Cross-Site Scripting via tongji Parameter
CVSS 6.1
CVE-2020-23960 HIGH
Fork CMS < 5.8.3 - Cross-Site Request Forgery in Admin Console
CVSS 8.8
CVE-2020-35722 MEDIUM
Quest Policy Authority for Unified Communications 8.1.2.200 - Cross-Site Request Forgery via submitUser.jsp
CVSS 6.5
Details
Vulnerabilities 9,375
Exploit Likelihood Medium