CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,375 vulnerabilities with CWE-352
CVE-2020-10229 HIGH
vtenext 19 CE - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-23824 HIGH
ArGo Soft Mail Server 1.8.8.9 - CSRF
CVSS 8.8
CVE-2020-25252 HIGH
Hyland OnBase < 16.0.2.83, <= 17.0.2.109, <= 18.0.0.37, <= 19.8.16.1000, <= 20.3.10.1000 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-24739 MEDIUM
iCMS 7.0.0 - Cross-Site Request Forgery in Administrator Account Deletion
CVSS 6.5
CVE-2020-15789 HIGH
Polarion Subversion Webclient - Cross-Site Request Forgery
CVSS 8.1
CVE-2020-23830 HIGH
SourceCodester Stock Management System <v1.0 - CSRF
CVSS 7.1
CVE-2020-5776 HIGH
MAGMI - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-25070 HIGH
USVN < 1.0.10 - Cross-Site Request Forgery via Missing SameSite Cookie Attribute
CVSS 8.8
CVE-2020-16208 HIGH
Red Lion N-Tron 702-W / 702M12-W - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-23836 HIGH
OSWAPP Warehouse Inventory System < 2020-08-10 - Cross-Site Request Forgery in edit_user.php
CVSS 8.8
CVE-2020-2241 HIGH
Jenkins Database Plugin <1.6 - CSRF
CVSS 8.8
CVE-2020-2240 HIGH
Jenkins Database Plugin <1.6 - CSRF
CVSS 8.8
CVE-2020-16610 MEDIUM
hoosk < 1.7.2 - Cross-Site Request Forgery via Account Deletion
CVSS 4.3
CVE-2020-5621 MEDIUM
NETGEAR switching hubs <5.4.2.30 - CSRF
CVSS 4.3
CVE-2020-15156 MEDIUM
nodebb-plugin-blog-comments <0.7.0 - XSS
CVSS 6.8
CVE-2020-5928 LOW
F5 BIG-IP Application Security Manager 11.5.2-11.6.5 - Cross-Site Request Forgery via Reused CSRF Token
CVSS 3.1
CVE-2020-5922 HIGH
BIG-IP 11.6.1-15.1.0.4 - Cross-Site Request Forgery in iControl REST
CVSS 8.8
CVE-2020-4170 MEDIUM
IBM Security Guardium Insights 2.0.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-14043 HIGH
Codiad >=1.7.8 - Cross-Site Request Forgery in Marketplace Plugin Download
CVSS 8.8
CVE-2020-19889 HIGH
DBHcms 1.2.0 - Cross-Site Request Forgery via User Addition
CVSS 8.8
CVE-2020-19886 HIGH
DBHcms 1.2.0 - Cross-Site Request Forgery via Menu Deletion Endpoint
CVSS 8.1
CVE-2020-15151 HIGH
OpenMage LTS <19.4.6, 20.0.2 - CSRF
CVSS 8.0
CVE-2020-12480 MEDIUM
Play Framework 2.6.0-2.8.1 - Cross-Site Request Forgery Bypass via Unparseable Content-Type Parameters
CVSS 6.5
CVE-2020-7304 HIGH
McAfee Data Loss Prevention < 11.3.28 - Authenticated Cross-Site Request Forgery via Label Addition
CVSS 7.6
CVE-2020-2237 MEDIUM
Jenkins Flaky Test Handler Plugin <1.0.4 - CSRF
CVSS 4.3
Details
Vulnerabilities 9,375
Exploit Likelihood Medium