CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,375 vulnerabilities with CWE-352
CVE-2020-5900 HIGH
NGINX Controller <3.4.0, <2.9.0, <1.0.1 - CSRF
CVSS 8.8
CVE-2020-15400 MEDIUM
CakePHP < 4.0.6 - Cross-Site Request Forgery via CSRF Token Mishandling
CVSS 4.3
CVE-2020-15043 MEDIUM
iBall WRB303N - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-15046 HIGH
Supermicro X10DRH-iT BIOS 2.0a and IPMI Firmware 03.40 - Cross-Site Request Forgery via cgi/config_user.cgi
CVSS 8.8
CVE-2020-15014 HIGH
pramod blogcms < 2019-12-31 - Cross-Site Request Forgery in Admin Password Change
CVSS 8.8
CVE-2020-13157 MEDIUM
NukeViet 4.4 - Cross-Site Request Forgery via User Edit URI
CVSS 6.5
CVE-2020-13156 MEDIUM
NukeViet 4.4 - Cross-Site Request Forgery via User Add Admin Endpoint
CVSS 6.5
CVE-2020-13155 HIGH
NukeViet 4.4 - Cross-Site Request Forgery via clearsystem.php deltype Parameter
CVSS 8.8
CVE-2020-13426 MEDIUM
WordPress Multi-Scheduler <1.0.0 - CSRF
CVSS 6.5
CVE-2020-14203 HIGH
WebFOCUS Business Intelligence 8.0 SP6 - Cross-Site Request Forgery via /ibi_apps/WFServlet
CVSS 8.8
CVE-2020-8167 MEDIUM
rails <= 6.0.3 - Cross-Site Request Forgery via rails-ujs Module
CVSS 6.5
CVE-2020-14432 HIGH
NETGEAR RBK/RBR/RBS 750/840/850 Series < 3.2.15.25 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-7503 HIGH
Easergy T300 Firmware < 1.5.2 - Cross-Site Request Forgery via Intercepted XSRF Token
CVSS 8.8
CVE-2020-4040 HIGH
Bolt CMS < 3.7.1 - Cross-Site Request Forgery in Preview Generation Endpoint
CVSS 8.6
CVE-2020-9042 HIGH
Couchbase Server 6.0 - Cross-Site Request Forgery via Cached Browser Credentials
CVSS 8.8
CVE-2020-13868 MEDIUM
verbb Comments < 1.5.5 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-11682 MEDIUM
Castel NextGen DVR v1.0.0 - Cross-Site Request Forgery via Missing RequestVerificationToken Validation
CVSS 6.5
CVE-2020-13786 HIGH
D-Link DIR-865L Firmware 1.20B01 Beta - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-2196 HIGH
Jenkins Selenium Plugin < 3.141.59 - Cross-Site Request Forgery
CVSS 8.0
CVE-2020-2192 MEDIUM
Jenkins Self-Organizing Swarm Modules Plugin < 3.20 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-13760 HIGH
Joomla! < 3.9.19 - Cross-Site Request Forgery in com_postinstall
CVSS 8.8
CVE-2020-4018 HIGH
Atlassian Crucible and Fisheye < 4.8.1 - Cross-Site Request Forgery in Setup Process
CVSS 8.8
CVE-2020-13643 HIGH
SiteOrigin Page Builder < 2.10.16 - Cross-Site Request Forgery via Live Editor Panels Data
CVSS 8.8
CVE-2020-13642 HIGH
SiteOrigin Page Builder < 2.10.16 - Cross-Site Request Forgery via action_builder_content
CVSS 8.8
CVE-2020-13641 HIGH
Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery via far_options_page Function
CVSS 8.8
Details
Vulnerabilities 9,375
Exploit Likelihood Medium