Vulnerabilities (CVE)

Filtered by CWE-352
Total 9159 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-21358 1 Wagecms Project 1 Wage-cms 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attackers to arbitrarily add users.
CVE-2020-21321 1 Emlog 1 Emlog 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.
CVE-2020-21252 1 Hongcms Project 1 Hongcms 2026-06-17 N/A 8.8 HIGH
Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.
CVE-2020-21236 1 Damicms 1 Damicms 2026-06-17 6.8 MEDIUM 8.8 HIGH
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.
CVE-2020-21141 1 Idreamsoft 1 Icms 2026-06-17 6.8 MEDIUM 8.8 HIGH
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
CVE-2020-21139 1 Ec Cloud E-commerce System Project 1 Ec Cloud E-commerce System 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add.
CVE-2020-21126 1 Metinfo 1 Metinfo 2026-06-17 6.8 MEDIUM 8.8 HIGH
MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo.
CVE-2020-21081 1 Maccms 1 Maccms 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery (CSRF) in Maccms 8.0 causes administrators to add and modify articles without their knowledge via clicking on a crafted URL.
CVE-2020-20989 1 Domainmod 1 Domainmod 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs.
CVE-2020-20971 1 Pbootcms 1 Pbootcms 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index.
CVE-2020-20945 1 Qibosoft 1 Qibosoft 2026-06-17 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts.
CVE-2020-20943 1 Qibosoft 1 Qibosoft 2026-06-17 4.3 MEDIUM 4.3 MEDIUM
A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.
CVE-2020-20726 1 Gilacms 1 Gila Cms 2026-06-17 N/A 8.8 HIGH
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.
CVE-2020-20693 1 Gilacms 1 Gila Cms 2026-06-17 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
CVE-2020-20671 1 Kitesky 1 Kitecms 2026-06-17 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.
CVE-2020-20642 1 Eyoucms 1 Eyoucms 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
CVE-2020-20595 1 Opms Project 1 Opms 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.
CVE-2020-20593 1 Rockoa 1 Rockoa 2026-06-17 6.0 MEDIUM 8.0 HIGH
A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.
CVE-2020-20586 1 Xyhcms 1 Xyhcms 2026-06-17 3.5 LOW 4.5 MEDIUM
A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.
CVE-2020-20514 1 Maccms 1 Maccms 2026-06-17 4.9 MEDIUM 8.1 HIGH
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.