CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,375 vulnerabilities with CWE-352
CVE-2020-22273 MEDIUM
Neoflex Video Subscription System 2.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-2303 MEDIUM
Jenkins Active Directory Plugin <2.19 - CSRF
CVSS 4.3
CVE-2020-28040 MEDIUM
WordPress < 5.5.2 - Cross-Site Request Forgery via Theme Background Image Change
CVSS 4.3
CVE-2020-11485 HIGH
Intel BMC Firmware < 3.38.30 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-16256 HIGH
winston_firmware 1.5.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-27975 HIGH
osCommerce Phoenix CE < 1.0.5.4 - Cross-Site Request Forgery in admin/define_language.php
CVSS 8.8
CVE-2020-24847 MEDIUM
FruityWifi <= 2.4 - Cross-Site Request Forgery in page_config_adv.php
CVSS 4.3
CVE-2020-18129 HIGH
Eyoucms 1.2.7 - Cross-Site Request Forgery via Admin Account Addition
CVSS 8.8
CVE-2020-24033 HIGH
fs.com S3900 24T4S < 1.7.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-3456 HIGH
Cisco Firepower Extensible Operating System - Cross-Site Request Forgery in Firepower Chassis Manager
CVSS 8.8
CVE-2020-5790 MEDIUM
Nagios XI 5.7.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-12502 HIGH
Pepperl+Fuchs P+F Comtrol - Unauthorized Access
CVSS 8.8
CVE-2020-5642 HIGH
Live Chat - Live support < 3.1.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-4773 MEDIUM
IBM Curam Social Program Management 7.0.9 and 7.0.10 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-26912 HIGH
NETGEAR Multiple Router Models Firmware - Cross-Site Request Forgery
CVSS 7.5
CVE-2020-26522 HIGH
Garfield Petshop < 2020-10-01 - Cross-Site Request Forgery in User Management
CVSS 8.8
CVE-2020-26802 HIGH
forma.lms 2.3.0.2 - CSRF
CVSS 8.8
CVE-2020-2296 MEDIUM
Jenkins Shared Objects Plugin <0.44 - CSRF
CVSS 4.3
CVE-2020-2295 MEDIUM
Jenkins Maven Cascade Release Plugin <1.3.2 - CSRF
CVSS 6.5
CVE-2020-25263 HIGH
PyroCMS 3.7 - Cross-Site Request Forgery via Admin Addons Uninstall Endpoint
CVSS 7.1
CVE-2020-25262 MEDIUM
PyroCMS 3.7 - Cross-Site Request Forgery via Admin Pages Delete Endpoint
CVSS 4.3
CVE-2020-25986 MEDIUM
MonoCMS Blog 1.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-12123 HIGH
WAVLINK WN530H4 M30H4.V5030.190403 - Cross-Site Request Forgery in /cgi-bin/ Directory
CVSS 8.1
CVE-2020-5786 HIGH
Teltonika TRB245 Firmware TRB2_R_00.02.04.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-24570 MEDIUM
MB CONNECT LINE mymbCONNECT24 & mbCONNECT24 < 2.6.1 - CSRF & SSRF via com_mb24proxy
CVSS 6.5
Details
Vulnerabilities 9,375
Exploit Likelihood Medium