CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,375 vulnerabilities with CWE-352
CVE-2020-5900
HIGH
NGINX Controller <3.4.0, <2.9.0, <1.0.1 - CSRF
CVSS 8.8
CVE-2020-15400
MEDIUM
CakePHP < 4.0.6 - Cross-Site Request Forgery via CSRF Token Mishandling
CVSS 4.3
CVE-2020-15043
MEDIUM
iBall WRB303N - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-15046
HIGH
Supermicro X10DRH-iT BIOS 2.0a and IPMI Firmware 03.40 - Cross-Site Request Forgery via cgi/config_user.cgi
CVSS 8.8
CVE-2020-15014
HIGH
pramod blogcms < 2019-12-31 - Cross-Site Request Forgery in Admin Password Change
CVSS 8.8
CVE-2020-13157
MEDIUM
NukeViet 4.4 - Cross-Site Request Forgery via User Edit URI
CVSS 6.5
CVE-2020-13156
MEDIUM
NukeViet 4.4 - Cross-Site Request Forgery via User Add Admin Endpoint
CVSS 6.5
CVE-2020-13155
HIGH
NukeViet 4.4 - Cross-Site Request Forgery via clearsystem.php deltype Parameter
CVSS 8.8
CVE-2020-13426
MEDIUM
WordPress Multi-Scheduler <1.0.0 - CSRF
CVSS 6.5
CVE-2020-14203
HIGH
WebFOCUS Business Intelligence 8.0 SP6 - Cross-Site Request Forgery via /ibi_apps/WFServlet
CVSS 8.8
CVE-2020-8167
MEDIUM
rails <= 6.0.3 - Cross-Site Request Forgery via rails-ujs Module
CVSS 6.5
CVE-2020-14432
HIGH
NETGEAR RBK/RBR/RBS 750/840/850 Series < 3.2.15.25 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-7503
HIGH
Easergy T300 Firmware < 1.5.2 - Cross-Site Request Forgery via Intercepted XSRF Token
CVSS 8.8
CVE-2020-4040
HIGH
Bolt CMS < 3.7.1 - Cross-Site Request Forgery in Preview Generation Endpoint
CVSS 8.6
CVE-2020-9042
HIGH
Couchbase Server 6.0 - Cross-Site Request Forgery via Cached Browser Credentials
CVSS 8.8
CVE-2020-13868
MEDIUM
verbb Comments < 1.5.5 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-11682
MEDIUM
Castel NextGen DVR v1.0.0 - Cross-Site Request Forgery via Missing RequestVerificationToken Validation
CVSS 6.5
CVE-2020-13786
HIGH
D-Link DIR-865L Firmware 1.20B01 Beta - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-2196
HIGH
Jenkins Selenium Plugin < 3.141.59 - Cross-Site Request Forgery
CVSS 8.0
CVE-2020-2192
MEDIUM
Jenkins Self-Organizing Swarm Modules Plugin < 3.20 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-13760
HIGH
Joomla! < 3.9.19 - Cross-Site Request Forgery in com_postinstall
CVSS 8.8
CVE-2020-4018
HIGH
Atlassian Crucible and Fisheye < 4.8.1 - Cross-Site Request Forgery in Setup Process
CVSS 8.8
CVE-2020-13643
HIGH
SiteOrigin Page Builder < 2.10.16 - Cross-Site Request Forgery via Live Editor Panels Data
CVSS 8.8
CVE-2020-13642
HIGH
SiteOrigin Page Builder < 2.10.16 - Cross-Site Request Forgery via action_builder_content
CVSS 8.8
CVE-2020-13641
HIGH
Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery via far_options_page Function
CVSS 8.8
Details
Vulnerabilities
9,375
Exploit Likelihood
Medium