Vulnerabilities (CVE)

Filtered by CWE-352
Total 9159 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-23582 1 Optilinknetwork 2 Op-xt71000n, Op-xt71000n Firmware 2026-06-17 N/A 6.5 MEDIUM
A vulnerability in the "/admin/wlmultipleap.asp" of optilink OP-XT71000N version: V2.2 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to create Multiple WLAN BSSID.
CVE-2020-23522 1 Pixelimity 1 Pixelimity 2026-06-17 6.0 MEDIUM 6.8 MEDIUM
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
CVE-2020-23451 1 Spiceworks 1 Spiceworks 2026-06-17 6.8 MEDIUM 8.8 HIGH
Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function.
CVE-2020-23426 1 Zzcms 1 Zzcms 2026-06-17 7.5 HIGH 9.8 CRITICAL
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.
CVE-2020-23376 1 5none 1 Nonecms 2026-06-17 4.3 MEDIUM 6.1 MEDIUM
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.
CVE-2020-23363 1 Verydows 1 Verydows 2026-06-17 N/A 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script.
CVE-2020-23342 1 Anchorcms 1 Anchor Cms 2026-06-17 6.8 MEDIUM 8.8 HIGH
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
CVE-2020-23264 1 Fork-cms 1 Fork Cms 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allows remote attackers to hijack the authentication of logged-in administrators.
CVE-2020-23127 1 Chamilo 1 Chamilo Lms 2026-06-17 6.8 MEDIUM 8.8 HIGH
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
CVE-2020-22761 1 Flatpress 1 Flatpress 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php.
CVE-2020-22403 1 Express-cart Project 1 Express-cart 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts.
CVE-2020-22334 1 Beescms 1 Beescms 2026-06-17 N/A 6.5 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.
CVE-2020-22273 1 Creativeitem 1 Neoflex Video Subscription System 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings).
CVE-2020-22000 1 Homeautomation Project 1 Homeautomation 2026-06-17 8.5 HIGH 8.0 HIGH
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function.
CVE-2020-21989 1 Homeautomation Project 1 Homeautomation 2026-06-17 6.8 MEDIUM 8.8 HIGH
HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
CVE-2020-21884 1 Indionetworks 10 Unibox U1000, Unibox U1000 Firmware, Unibox U2500 and 7 more 2026-06-17 9.3 HIGH 8.8 HIGH
Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.
CVE-2020-21881 1 Duxcms Project 1 Duxcms 2026-06-17 N/A 6.5 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add.
CVE-2020-21658 1 Wdja 1 Wdja Cms 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL.
CVE-2020-21386 1 Maccms 1 Maccms 2026-06-17 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.
CVE-2020-21366 1 Njtech 1 Greencms 2026-06-17 N/A 8.0 HIGH
Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php.