CWE-352
Medium likelihoodCross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
9,376 vulnerabilities with CWE-352
CVE-2020-8504
MEDIUM
arox School Management Software PHP/mySQL < 2019-03-14 - Cross-Site Request Forgery via Add Admin Action
CVSS 6.5
CVE-2020-7965
HIGH
webargs 5.0.0-5.5.2 - Cross-Site Request Forgery via JSON Content-Type Bypass
CVSS 8.8
CVE-2020-8425
MEDIUM
Cups Easy (Purchase & Inventory) 1.0 - CSRF
CVSS 6.5
CVE-2020-8424
HIGH
Cups Easy (Purchase & Inventory) 1.0 - CSRF
CVSS 8.8
CVE-2020-8420
HIGH
Joomla! 3.0.0-3.9.14 - Cross-Site Request Forgery in LESS Compiler
CVSS 8.8
CVE-2020-8419
HIGH
Joomla! 3.0.0-3.9.14 - Cross-Site Request Forgery in Batch Actions
CVSS 8.8
CVE-2020-8417
HIGH
Code Snippets < 2.14.0 - Cross-Site Request Forgery via Import Menu
CVSS 8.8
CVE-2020-7991
HIGH
Adive Framework 2.0.8 - Cross-Site Request Forgery in Admin Config
CVSS 8.8
CVE-2020-7210
MEDIUM
Umbraco CMS 8.2.2 - Cross-Site Request Forgery
CVSS 4.3
CVE-2020-6849
HIGH
marketo-forms-and-tracking < 1.0.2 - Cross-Site Request Forgery with Resultant Cross-Site Scripting
CVSS 8.8
CVE-2020-5397
MEDIUM
Spring Framework 5.2.x < 5.2.3 - Cross-Site Request Forgery via CORS Preflight Requests
CVSS 5.3
CVE-2020-2098
HIGH
Jenkins Sounds Plugin < 0.5 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-2093
HIGH
Jenkins Health Advisor by CloudBees < 3.0 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-2090
HIGH
Jenkins Amazon EC2 Plugin < 1.47 - Cross-Site Request Forgery
CVSS 8.8
CVE-2020-5502
MEDIUM
phpBB 3.2.8 - Cross-Site Request Forgery via Group Membership Approval
CVSS 6.5
CVE-2020-5501
MEDIUM
phpBB 3.2.8 - Cross-Site Request Forgery via Group Avatar Modification
CVSS 4.3
CVE-2020-6167
HIGH
WordPress Minimal Coming Soon & Maintenance Mode <2.10 - CSRF
CVSS 8.8
CVE-2019-25729
CRITICAL
PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie
CVSS 9.8
CVE-2019-25708
MEDIUM
Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery
CVSS 4.3
CVE-2019-25693
HIGH
ResourceSpace 8.6 SQL Injection via collection_edit.php
CVSS 7.1
CVE-2019-25682
MEDIUM
CMSsite 1.0 Cross-Site Request Forgery via users.php
CVSS 4.3
CVE-2019-25447
MEDIUM
OrientDB 3.0.17 GA Community - CSRF
CVSS 4.3
CVE-2019-25359
HIGH
SD.NET RIM < 4.7.3c - SQL Injection via POST Parameters 'idtyp' and 'idgremium'
CVSS 8.2
CVE-2019-25313
MEDIUM
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery to Add Local Admin
CVSS 4.0
CVE-2019-25259
MEDIUM
Leica Geosystems GR10/GR25/GR30/GR50 4.30.063 - CSRF
CVSS 5.3
Details
Vulnerabilities
9,376
Exploit Likelihood
Medium