CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,375 vulnerabilities with CWE-352
CVE-2020-25950 MEDIUM
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery via My Additional Contact Page
CVSS 4.3
CVE-2020-36174 MEDIUM
Ninja Forms < 3.4.27.1 - Cross-Site Request Forgery via Services Integration
CVSS 6.5
CVE-2020-7336 MEDIUM
McAfee Network Security Management < 9.2.9.55 - Cross-Site Request Forgery
CVSS 6.6
CVE-2020-4942 HIGH
IBM Curam Social Program Management 7.0.9 and 7.0.11 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-4917 HIGH
IBM Cloud Pak System 2.3.0.0-2.3.3.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-35950 CRITICAL
XCloner Backup and Restore < 4.2.153 - Cross-Site Request Forgery via WordPress Endpoints
CVSS 9.8
CVE-2020-35944 HIGH
PageLayer < 1.1.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-35778 MEDIUM
NETGEAR GS716T and GS724T Firmware < 6.3.1.36 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-35773 HIGH
site-offline < 1.4.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-35615 MEDIUM
Joomla! 2.5.0-3.9.22 - Cross-Site Request Forgery in com_privacy Emailexport Feature
CVSS 6.3
CVE-2020-26033 MEDIUM
Zammad < 3.4.1 - Cross-Site Request Forgery via Tag and Link REST API Endpoints
CVSS 5.4
CVE-2020-35347 MEDIUM
CXUUCMS V3 3.1 - Cross-Site Request Forgery via Admin User Addition
CVSS 6.5
CVE-2020-26766 HIGH
PHPGurukul User Registration & Login and User Management System Wit...
CVSS 8.8
CVE-2020-35677 MEDIUM
BigProf Online Invoicing System < 4.0 - Authenticated Stored XSS and CSRF via Group Edit
CVSS 4.8
CVE-2020-35269 HIGH
Nagios Core 4.2.4 - Cross-Site Request Forgery in Host Management Functions
CVSS 8.8
CVE-2020-35626 HIGH
MediaWiki < 1.35.1 - Cross-Site Request Forgery in PushToWatch Extension
CVSS 8.8
CVE-2020-35273 HIGH
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Cross-Site Request Forgery in User Profile Panel
CVSS 8.0
CVE-2020-7201 HIGH
HPE StoreEver MSL2024 Tape Library < 7.30 and StoreEver 1/8 G2 Tape Autoloader < 5.40 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-4764 MEDIUM
IBM Planning Analytics 2.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-13527 MEDIUM
Lantronix XPort EDGE <4.2.0.0R7 - Auth Bypass
CVSS 4.5
CVE-2020-8465 CRITICAL
Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 - Authentication Bypass via System Update Manipulation
CVSS 9.8
CVE-2020-8461 HIGH
Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 - CSRF
CVSS 8.8
CVE-2020-25095 HIGH
LogRhythm Platform Manager 7.4.9 - Cross-Site Request Forgery via WebSocket Hijacking
CVSS 8.8
CVE-2020-4904 MEDIUM
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-28931 HIGH
EPSON EPS TSE Server 8 21.0.11 - Cross-Site Request Forgery in Administrative Interface
CVSS 8.8
Details
Vulnerabilities 9,375
Exploit Likelihood Medium