Vulnerabilities (CVE)

Filtered by CWE-352
Total 9162 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-3114 1 Cisco 1 Data Center Network Manager 2026-06-17 6.8 MEDIUM 8.8 HIGH
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link while having an active session on an affected device. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.
CVE-2020-37241 2026-06-17 N/A 5.3 MEDIUM
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts with arbitrary credentials without requiring explicit user consent.
CVE-2020-37217 2026-06-17 N/A 4.3 MEDIUM
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests containing username and password parameters to create new administrative accounts without explicit user consent.
CVE-2020-37158 1 Wwbn 1 Avideo 2026-06-17 N/A 5.3 MEDIUM
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.
CVE-2020-37149 1 Edimax 2 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware 2026-06-17 N/A 8.1 HIGH
Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's privileges.
CVE-2020-37145 2026-06-17 N/A 4.3 MEDIUM
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges.
CVE-2020-37144 2026-06-17 N/A 5.3 MEDIUM
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without the victim's consent.
CVE-2020-37118 2026-06-17 N/A 3.5 LOW
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.
CVE-2020-37106 2026-06-17 N/A 5.3 MEDIUM
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with administrative access parameters.
CVE-2020-37096 1 Edimax 2 Ew-7438rpn Mini, Ew-7438rpn Mini Firmware 2026-06-17 N/A 5.3 MEDIUM
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.
CVE-2020-37091 2026-06-17 N/A 5.3 MEDIUM
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FAQ attachment system.
CVE-2020-37079 1 Wftpserver 1 Wing Ftp Server 2026-06-17 N/A 4.3 MEDIUM
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user account without proper authorization.
CVE-2020-37054 1 Naviwebs 1 Navigate Cms 2026-06-17 N/A 4.3 MEDIUM
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without additional validation.
CVE-2020-37046 2026-06-17 N/A 5.3 MEDIUM
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts without the victim's consent.
CVE-2020-37026 2026-06-17 N/A 5.3 MEDIUM
Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication protection.
CVE-2020-37007 1 Salihciftci 1 Liman 2026-06-17 N/A 5.3 MEDIUM
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting unauthorized requests.
CVE-2020-36918 2026-06-17 N/A 4.3 MEDIUM
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lack of CSRF protections.
CVE-2020-36908 1 Securecomputing 2 Snapgear Sg560, Snapgear Sg560 Firmware 2026-06-17 N/A 5.3 MEDIUM
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page.
CVE-2020-36906 2026-06-17 N/A 4.3 MEDIUM
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form.
CVE-2020-36901 1 Medivision 2 Medivision Digital Signage, Medivision Digital Signage Firmware 2026-06-17 N/A 8.8 HIGH
UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new admin user with elevated privileges.