CWE-352— Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.— MITRE CWE catalog
8,840 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-352page 48 of 177
- CVE-2020-22273MEDIUMCVSS 6.5EG 6.52020-11-04
Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings)
- CVE-2020-22334MEDIUMCVSS 6.5EG 6.52023-05-08
Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.
- CVE-2020-2235MEDIUMCVSS 6.5EG 6.52020-08-12
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through anothe…
- CVE-2020-2237MEDIUMCVSS 4.3EG 4.32020-08-12
A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.
- CVE-2020-2240HIGHCVSS 8.8EG 8.82020-09-01
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts.
- CVE-2020-22403HIGHCVSS 8.8EG 8.82021-08-12
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts.
- CVE-2020-2241HIGHCVSS 8.8EG 8.82020-09-01
A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials.
- CVE-2020-2268HIGHCVSS 8.8EG 5.32020-09-16
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.
- CVE-2020-2273MEDIUMCVSS 4.3EG 4.32020-09-16
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
- CVE-2020-22761HIGHCVSS 8.8EG 8.82021-07-30
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.
- CVE-2020-2280HIGHCVSS 8.8EG 8.82020-09-23
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.
- CVE-2020-2281MEDIUMCVSS 5.4EG 5.42020-09-23
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.
- CVE-2020-2295MEDIUMCVSS 6.5EG 6.52020-10-08
A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.
- CVE-2020-2296MEDIUMCVSS 4.3EG 4.32020-10-08
A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.
- CVE-2020-2303MEDIUMCVSS 4.3EG 4.32020-11-04
A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using at…
- CVE-2020-23127HIGHCVSS 8.8EG 8.82021-05-06
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
- CVE-2020-2321HIGHCVSS 8.1EG 8.12020-12-03
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.
- CVE-2020-23264HIGHCVSS 8.8EG 8.82021-05-06
Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.
- CVE-2020-23342HIGHCVSS 8.8EG 8.82021-01-19
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
- CVE-2020-23363HIGHCVSS 8.8EG 8.82023-05-09
Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script.
- CVE-2020-23376MEDIUMCVSS 6.1EG 6.12021-05-10
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.
- CVE-2020-23426CRITICALCVSS 9.8EG 9.82021-04-08
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.
- CVE-2020-23451HIGHCVSS 8.8EG 8.82020-09-15
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
- CVE-2020-23522MEDIUMCVSS 6.8EG 6.82021-01-19
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
- CVE-2020-23582MEDIUMCVSS 6.5EG 6.52022-11-21
A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.
- CVE-2020-23585HIGHCVSS 8.8EG 8.82022-11-23
A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgm_config_fil…
- CVE-2020-23586MEDIUMCVSS 4.3EG 4.32022-11-23
A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type …
- CVE-2020-23587LOWCVSS 3.1EG 3.12022-11-23
A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by a…
- CVE-2020-23588MEDIUMCVSS 4.3EG 4.32022-11-23
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to "Enable or Disable Ports" and to "Chang…
- CVE-2020-23589MEDIUMCVSS 6.5EG 6.52022-11-23
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to cause a Denial of Service by Rebooting …
- CVE-2020-23590MEDIUMCVSS 6.5EG 6.52022-11-23
A vulnerability in Optilink OP-XT71000N Hardware version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack to change the Password for "WLAN SSID" thro…
- CVE-2020-23592HIGHCVSS 8.8EG 8.82022-11-23
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' …
- CVE-2020-23593MEDIUMCVSS 6.5EG 6.52022-11-23
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cf…
- CVE-2020-23595HIGHCVSS 8.8EG 8.82023-08-11
Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint.
- CVE-2020-23631MEDIUMCVSS 6.1EG 6.12021-01-11
Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter.
- CVE-2020-23686HIGHCVSS 8.8EG 8.82021-11-02
Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.
- CVE-2020-23824HIGHCVSS 8.8EG 8.82020-09-11
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a w…
- CVE-2020-23830HIGHCVSS 7.1EG 7.12020-09-02
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-par…
- CVE-2020-23836HIGHCVSS 8.8EG 8.82020-09-01
A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-pa…
- CVE-2020-23837HIGHCVSS 8.8EG 8.82020-09-25
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.
- CVE-2020-23960HIGHCVSS 8.8EG 8.82021-01-11
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a d…
- CVE-2020-24033HIGHCVSS 8.8EG 8.82020-10-22
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all sett…
- CVE-2020-24130HIGHCVSS 8.1EG 8.12021-08-20
A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts.
- CVE-2020-24271HIGHCVSS 8.8EG 8.82021-02-01
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***.
- CVE-2020-24373HIGHCVSS 8.8EG 8.82020-09-16
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
- CVE-2020-24570MEDIUMCVSS 6.5EG 6.52020-09-30
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a cr…
- CVE-2020-24739MEDIUMCVSS 6.5EG 6.52020-09-10
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.
- CVE-2020-24740MEDIUMCVSS 4.3EG 4.32021-05-18
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage
- CVE-2020-24847MEDIUMCVSS 4.3EG 4.32020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering …
- CVE-2020-24922HIGHCVSS 8.8EG 8.82023-08-11
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.
Map vulnerabilities like CWE-352 to your infrastructure
EchelonGraph correlates every CVE — across CWE-352 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →