CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,375 vulnerabilities with CWE-352
CVE-2020-13658 HIGH
Lansweeper - Cross-Site Request Forgery
CVSS 8.0
CVE-2020-25142 MEDIUM
Observium 20.8.10631 - Cross-Site Request Forgery via Device Settings Form
CVSS 6.5
CVE-2020-23837 HIGH
GetSimple CMS Multi User 1.8.2 - CSRF
CVSS 8.8
CVE-2020-12841 MEDIUM
iSmartGate PRO 1.5.9 - Cross-Site Request Forgery via Image Upload
CVSS 6.5
CVE-2020-12840 MEDIUM
iSmartGate PRO 1.5.9 - Cross-Site Request Forgery via Sound File Upload
CVSS 6.5
CVE-2020-12282 HIGH
iSmartgate PRO 1.5.9 - Cross-Site Request Forgery via Busca Parameter
CVSS 8.8
CVE-2020-12281 MEDIUM
iSmartgate PRO 1.5.9 - Cross-Site Request Forgery via User Creation Endpoint
CVSS 6.5
CVE-2020-12280 MEDIUM
iSmartgate PRO 1.5.9 - Cross-Site Request Forgery via /isg/opendoor.php
CVSS 6.5
CVE-2020-5783 MEDIUM
IgniteNet HeliOS GLinq <v2.2.1 r2961 - CSRF
CVSS 5.4
CVE-2020-2281 MEDIUM
Jenkins Lockable Resources Plugin <2.8 - CSRF
CVSS 5.4
CVE-2020-2280 HIGH
Jenkins Warnings Plugin <5.0.1 - CSRF
CVSS 8.8
CVE-2020-3135 HIGH
Cisco Unified Communications Manager < 11.5(1) - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-3124 MEDIUM
Cisco Hosted Collaboration Mediation Fulfillment < 12.5(1) - Unauthenticated Cross-Site Request Forgery
CVSS 6.5
CVE-2020-14025 HIGH
Ozeki NG SMS Gateway <= 4.17.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-4617 HIGH
IBM Data Risk Manager < 2.0.6.4 - Cross-Site Request Forgery
CVSS 8.1
CVE-2020-14506 LOW
Philips Clinical Collaboration Platform < 12.2.1 - Cross-Site Request Forgery
CVSS 3.4
CVE-2020-15182 HIGH
SOY CMS < 3.0.2.328 and SOY Inquiry < 2.0.0.4 - Authenticated Remote Code Execution via CSRF
CVSS 8.4
CVE-2020-24373 HIGH
Freebox Server < 4.2.3 - Cross-Site Request Forgery via UPnP MediaServer
CVSS 8.8
CVE-2020-13259 HIGH
RAD SecFlow-1v os-image SF_0290_2.3.01.26 - CSRF
CVSS 8.8
CVE-2020-25015 MEDIUM
Genexis Platinum 4410 V2-1.28 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-2273 MEDIUM
Jenkins ElasTest Plugin <1.2.1 - CSRF
CVSS 4.3
CVE-2020-2268 HIGH
Jenkins MongoDB Plugin < 1.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-25453 HIGH
BlackCat CMS < 1.4 - Cross-Site Request Forgery Bypass
CVSS 8.8
CVE-2020-4526 MEDIUM
IBM Maximo Asset Management 7.6.0-7.6.0.10 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-23451 HIGH
Spiceworks <= 7.5.00107 - Cross-Site Request Forgery via /settings/v1/users
CVSS 8.8
Details
Vulnerabilities 9,375
Exploit Likelihood Medium