CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,375 vulnerabilities with CWE-352
CVE-2020-8168 HIGH
UI AirOS < 6.2.0 - Authenticated Cross-Site Request Forgery
CVSS 8.8
CVE-2020-13458 HIGH
verbb Image Resizer < 2.0.9 - Cross-Site Request Forgery in Log-Clear Action
CVSS 8.8
CVE-2020-13416 MEDIUM
Aviatrix Controller <5.4.1066 - CSRF
CVSS 6.5
CVE-2020-13412 HIGH
Aviatrix Controller <5.4.1204 - CSRF
CVSS 8.8
CVE-2020-1103 MEDIUM
Microsoft SharePoint Server - Information Disclosure via Cross-Site Search Attack
CVSS 6.5
CVE-2020-13231 MEDIUM
Cacti < 1.2.11 - Cross-Site Request Forgery via Admin Email Change
CVSS 6.5
CVE-2020-4286 MEDIUM
IBM InfoSphere Information Server 11.3, 11.5, 11.7 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-12257 HIGH
rConfig 3.9.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-5576 HIGH
Movable Type <7.2.1, <6.5.3, <6.3.11 - CSRF
CVSS 8.8
CVE-2020-11069 HIGH
TYPO3 CMS 9.0.0-9.5.16 and 10.0.0-10.4.1 - Same-Site Request Forgery via Malicious Uploaded Resource
CVSS 8.0
CVE-2020-12427 HIGH
Western Digital WD Discovery <3.8.229 - CSRF
CVSS 8.8
CVE-2020-11060 HIGH
GLPI < 9.4.6 - Authenticated Remote Code Execution via Backup Functionality
CVSS 7.4
CVE-2020-5745 HIGH
TCExam 14.2.2 - Cross-Site Request Forgery
CVSS 7.4
CVE-2020-2186 MEDIUM
Jenkins Amazon EC2 Plugin < 1.50.1 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-2184 MEDIUM
Jenkins CVS Plugin < 2.16 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-8830 HIGH
Ruckus ZoneFlex R500 Firmware - Server-Side Request Forgery via SUBCA-1 Field
CVSS 8.8
CVE-2020-8829 HIGH
Intelbras CIP 92200 Firmware - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-7983 HIGH
Ruckus ZoneFlex R500 Firmware 3.4.2.0.384 - Cross-Site Request Forgery in login.asp
CVSS 8.1
CVE-2020-5517 MEDIUM
BlueOnyx 5209R Firmware - Cross-Site Request Forgery in /login URI
CVSS 6.5
CVE-2020-5335 MEDIUM
RSA Archer < 6.7.0.2 - Cross-Site Request Forgery
CVSS 5.0
CVE-2020-12626 MEDIUM
Roundcube Webmail < 1.4.4 - Cross-Site Request Forgery via Logout POST Request
CVSS 6.5
CVE-2020-12462 MEDIUM
ninja-forms < 3.4.24.2 - Cross-Site Request Forgery with Resultant Cross-Site Scripting
CVSS 6.1
CVE-2020-12076 HIGH
Data Tables Generator by Supsystic < 1.9.92 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-10892 HIGH
Foxit PhantomPDF and Reader < 9.7.1.29511 - Arbitrary File Write via CombineFiles Command
CVSS 8.8
CVE-2020-10890 HIGH
Foxit PhantomPDF and Reader < 9.7.1.29511 - Arbitrary File Write via ConvertToPDF Command
CVSS 8.8
Details
Vulnerabilities 9,375
Exploit Likelihood Medium