CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,375 vulnerabilities with CWE-352
CVE-2020-25622 HIGH
SolarWinds N-Central 12.3.0.670 - Cross-Site Request Forgery via AdvancedScripts Endpoint
CVSS 8.8
CVE-2020-14368 HIGH
Eclipse Che < 7.14.0 - Cross-Site Request Forgery via SameSite Cookie Misconfiguration
CVSS 7.1
CVE-2020-8282 HIGH
Ubiquiti EdgePower <=1.7.0 - Remote Code Execution via Missing CSRF Protection
CVSS 8.8
CVE-2020-28858 HIGH
OpenAsset Digital Asset Management <= 12.0.19 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-29254 HIGH
TikiWiki 21.2 - Cross-Site Request Forgery in Template Editor
CVSS 8.8
CVE-2020-28838 LOW
OpenCart 3.0.3.6 - Cross-Site Request Forgery in Cart Option
CVSS 3.5
CVE-2020-35135 HIGH
Ultimate Category Excluder < 1.2 - Cross-Site Request Forgery via ultimate-category-excluder.php
CVSS 8.8
CVE-2020-2321 HIGH
Jenkins Shelve Project Plugin <3.0 - CSRF
CVSS 8.1
CVE-2020-14369 MEDIUM
Red Hat CloudForms < 5.11 - Cross-Site Request Forgery via Crafted Flash File
CVSS 6.3
CVE-2020-29458 HIGH
Textpattern CMS 4.6.2 - Cross-Site Request Forgery via Prefs Subsystem
CVSS 8.8
CVE-2020-4127 MEDIUM
HCL Domino < 9.0.1 - Cross-Site Request Forgery in Login
CVSS 6.5
CVE-2020-17901 MEDIUM
PbootCMS 1.3.2 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-7780 MEDIUM
com.softwaremill.akka-http-session <0.5.11 - CSRF
CVSS 6.3
CVE-2020-26936 HIGH
Cloudera Data Engineering <1.1 - CSRF
CVSS 8.8
CVE-2020-13620 HIGH
Fastweb FASTGate GPON FGA2130FWB Firmware < 2020-05-26 - Cross-Site Request Forgery via Router Administration Web Panel
CVSS 8.8
CVE-2020-25472 MEDIUM
SimplePHPscripts News Script PHP Pro 2.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-5641 MEDIUM
GS108Ev3 Firmware < 2.06.10 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-13350 LOW
GitLab CE/EE >=13.5.0,<13.5.2,>=13.4.0,<13.4.5,<13.3.9 - CSRF
CVSS 3.1
CVE-2020-28649 HIGH
Orbisius Child Theme Creator < 1.5.2 - Cross-Site Request Forgery via orbisius_ctc_theme_editor_manage_file
CVSS 8.8
CVE-2020-7332 HIGH
McAfee Endpoint Security < 10.6.1 - Cross-Site Request Forgery in Firewall ePO Extension
CVSS 7.0
CVE-2020-27146 MEDIUM
TIBCO iProcess Workspace (Browser) <11.6.0 - CSRF
CVSS 5.0
CVE-2020-27016 HIGH
Trend Micro InterScan Messaging Security Virtual Appliance < 9.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-4651 MEDIUM
IBM Maximo Spatial Asset Management 7.6.0.3-7.6.1.0 - Cross-Site Request Forgery
CVSS 4.8
CVE-2020-15259 HIGH
auth0 ad/ldap_connector < 5.0.13 - Cross-Site Request Forgery in Admin Panel
CVSS 8.1
CVE-2020-27692 HIGH
Verve Connect VH510 Firmware < 1.0.1.6l0516 - Cross-Site Request Forgery in Web Management Portal
CVSS 8.8
Details
Vulnerabilities 9,375
Exploit Likelihood Medium