CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,375 vulnerabilities with CWE-352
CVE-2020-2235 MEDIUM
Jenkins Pipeline Maven Integration Plugin <3.8.2 - CSRF
CVSS 6.5
CVE-2020-7029 MEDIUM
Avaya Aura Communication Manager <7.1.3.5/8.0.x CSRF in System Management Interface
CVSS 6.4
CVE-2020-12781 MEDIUM
Combodo iTop - Cross-Site Request Forgery
CVSS 5.7
CVE-2020-16253 HIGH
pghero < 2.6.0 - Cross-Site Request Forgery
CVSS 8.1
CVE-2020-16252 MEDIUM
Field Test 0.2.0-0.3.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-15135 MEDIUM
save-server < 1.0.7 - Cross-Site Request Forgery
CVSS 6.7
CVE-2020-5615 HIGH
Calendar01 and Calendar02 1.0.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-5770 HIGH
Teltonika TRB2_R_00.02.04.01 - CSRF
CVSS 8.8
CVE-2020-14319 MEDIUM
Red Hat AMQ Online < 1.5.2 and Enmasse < 0.32.2 - Cross-Site Request Forgery
CVSS 5.9
CVE-2020-10984 HIGH
Gambio GX < 4.0.1.0 - Cross-Site Request Forgery in Admin Panel
CVSS 8.8
CVE-2020-5611 HIGH
Social Sharing Plugin <1.2.10 - CSRF
CVSS 8.8
CVE-2020-15882 HIGH
munkireport < 5.6.3 - Cross-Site Request Forgery in manager/delete_machine Endpoint
CVSS 8.1
CVE-2020-5767 MEDIUM
Icegram Email Subscribers & Newsletters <4.4.8 - CSRF
CVSS 6.5
CVE-2020-11438 HIGH
LibreHealth EHR 2.0.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-15700 MEDIUM
Joomla! 3.7.0-3.9.19 - Cross-Site Request Forgery via com_installer AJAX Install Endpoint
CVSS 6.3
CVE-2020-15695 MEDIUM
Joomla! 3.9.0-3.9.19 - Cross-Site Request Forgery in com_privacy Remove Request Feature
CVSS 6.3
CVE-2020-6289 HIGH
SAP Disclosure Management 10.1 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-15711 HIGH
MISP < 2.4.129 - Cross-Site Request Forgery in Homepage Setting
CVSS 8.8
CVE-2020-10986 MEDIUM
Tenda AC15 AC1900 <15.03.05.19 - CSRF
CVSS 6.5
CVE-2020-15600 MEDIUM
CMSUno < 1.6.1 - Cross-Site Request Forgery via Admin Password Change
CVSS 6.5
CVE-2020-15516 MEDIUM
mm_forum < 1.9.5 - Cross-Site Scripting via CSRF
CVSS 5.4
CVE-2020-8166 MEDIUM
rails < 5.2.5 and < 6.0.4 - Cross-Site Request Forgery via Per-Form Token Forgery
CVSS 4.3
CVE-2020-2215 MEDIUM
Jenkins Zephyr for JIRA Test Mgmt <1.5 - CSRF
CVSS 4.3
CVE-2020-2203 MEDIUM
Jenkins Fortify on Demand Plugin <5.0.1 - CSRF
CVSS 4.3
CVE-2020-5904 HIGH
BIG-IP 12.1.0-12.1.5.1 - Cross-Site Request Forgery in TMUI
CVSS 8.8
Details
Vulnerabilities 9,375
Exploit Likelihood Medium