CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,375 vulnerabilities with CWE-352
CVE-2020-11825 HIGH
Dolibarr 10.0.6 - Cross-Site Request Forgery via Shared CSRF Token
CVSS 8.8
CVE-2020-11818 HIGH
Rukovoditel 2.5.2 - Cross-Site Request Forgery via Session Token Bypass
CVSS 8.8
CVE-2020-3261 MEDIUM
Cisco Aironet Mobility Express Software >=8.0 <8.8.130.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-11003 MEDIUM
Oasis < 2.15.0 - Cross-Site Request Forgery
CVSS 4.8
CVE-2020-11706 HIGH
ProVide FTP Server < 13.1 - Cross-Site Request Forgery in Admin Interface
CVSS 8.8
CVE-2020-11701 HIGH
ProVide FTP Server < 13.1 - Cross-Site Request Forgery in User Web Interface
CVSS 8.8
CVE-2020-11553 HIGH
Castle Rock SNMPc Online 12.10.10-2020-01-28 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-5549 HIGH
EasyBlocks IPv6 <2.0.1 & Enterprise <2.0.1 - CSRF
CVSS 8.8
CVE-2020-11627 HIGH
EJBCA < 6.15.2.6 and 7.x < 7.3.1.2 - Cross-Site Request Forgery in CA UI
CVSS 8.8
CVE-2020-5391 HIGH
wp-auth0 < 4.0.0 - Cross-Site Request Forgery via Domain Field
CVSS 8.8
CVE-2020-4238 HIGH
IBM Tivoli Netcool Impact 7.1.0.0-7.1.0.17 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-4237 HIGH
IBM Tivoli Netcool Impact 7.1.0.0-7.1.0.17 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-2160 HIGH
Jenkins < 2.204.6 - Cross-Site Request Forgery Protection Bypass via URL Path Representation
CVSS 8.8
CVE-2020-8985 HIGH
ZendTo < 5.22-2 Beta - Cross-Site Request Forgery and Reflected Cross-Site Scripting via Unlock User Functionality
CVSS 8.8
CVE-2020-7005 HIGH
Honeywell WIN-PAK < 4.7.2_b1072.3.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-10671 HIGH
Canon Oce Colorwave 500 4.0.0.0 - CSRF
CVSS 8.8
CVE-2020-4199 MEDIUM
IBM Tivoli Netcool/OMNIbus 8.1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-9346 HIGH
ManageEngine Password Manager Pro <= 10.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-6585 HIGH
Nagios Log Server 2.1.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-10241 HIGH
Joomla! 3.2.0-3.9.15 - Cross-Site Request Forgery in com_templates Image Actions
CVSS 8.8
CVE-2020-10568 HIGH
sitepress-multilingual-cms (WPML) <4.3.7-b.2 - RCE
CVSS 8.8
CVE-2020-10540 HIGH
WebUntis < 2020.9.6 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-10504 MEDIUM
Chadha PHPKB Standard Multi-Language 9 - CSRF
CVSS 4.3
CVE-2020-10503 MEDIUM
Chadha PHPKB Standard Multi-Language 9 - CSRF
CVSS 4.3
CVE-2020-10502 MEDIUM
Chadha PHPKB Standard Multi-Language 9 - CSRF
CVSS 4.3
Details
Vulnerabilities 9,375
Exploit Likelihood Medium