CWE-352

Medium likelihood

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,376 vulnerabilities with CWE-352
CVE-2020-10181 CRITICAL KEV
Sumavision Enhanced Multimedia Router Firmware 3.0.4.27 - Cross-Site Request Forgery via formEMR30
CVSS 9.8
CVE-2020-6206 MEDIUM
SAP Cloud Platform Integration - CSRF
CVSS 4.3
CVE-2020-2147 MEDIUM
Jenkins Mac Plugin < 1.1.0 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-2141 MEDIUM
Jenkins P4 Plugin < 1.10.10 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-9454 HIGH
RegistrationMagic < 4.6.0.3 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-3148 HIGH
Cisco Prime Network Registrar - CSRF
CVSS 7.1
CVE-2020-10057 HIGH
GeniXCMS 1.1.7 - Cross-Site Request Forgery via Unvalidated Token
CVSS 8.8
CVE-2020-7988 HIGH
phpipam 1.4 - Cross-Site Request Forgery in Password Change
CVSS 8.8
CVE-2020-5402 HIGH
Cloudfoundry Cf-deployment < 12.33.0 - CSRF
CVSS 8.8
CVE-2020-9394 HIGH
Pricing Table by Supsystic < 1.8.2 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-9018 MEDIUM
LiteCart < 2.2.1 - Cross-Site Request Forgery via Admin User Edit Endpoint
CVSS 5.3
CVE-2020-9341 HIGH
CandidATS 2.1.0 - Cross-Site Request Forgery via Add User URI
CVSS 8.8
CVE-2020-3114 HIGH
Cisco DCNM - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-9271 MEDIUM
icehrm 26.2.0 - Cross-Site Request Forgery via service.php
CVSS 6.5
CVE-2020-9270 HIGH
icehrm 26.2.0 - Cross-Site Request Forgery via service.php
CVSS 8.8
CVE-2020-9267 MEDIUM
Soplanning - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-9266 MEDIUM
SOPlanning 1.45 - Cross-Site Request Forgery via xajax_server.php
CVSS 6.5
CVE-2020-6844 HIGH
TopManage OLK 2020 - Cross-Site Request Forgery in Login
CVSS 8.8
CVE-2020-5530 HIGH
Easy Property Listings < 3.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-1692 HIGH
Moodle < 3.7.2 - Information Exposure of Service Tokens
CVSS 8.1
CVE-2020-1977 HIGH
Expedition Migration Tool < 1.1.51 - Unauthenticated Cross-Site Request Forgery
CVSS 7.5
CVE-2020-2116 HIGH
Jenkins Pipeline GitHub Notify Step < 1.0.4 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-8658 HIGH
BestWebSoft Htaccess < 1.8.1 - Cross-Site Request Forgery via htaccess_editor Action
CVSS 8.8
CVE-2020-8615 MEDIUM
Tutor LMS < 1.5.3 - Cross-Site Request Forgery
CVSS 6.5
CVE-2020-8505 MEDIUM
arox School Management Software PHP/mySQL < 2019-03-14 - Cross-Site Request Forgery via office_admin/?action=deleteadmin
CVSS 6.5
Details
Vulnerabilities 9,376
Exploit Likelihood Medium