Vulnerabilities (CVE)

Filtered by CWE-352
Total 9159 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-20502 1 Yzmcms 1 Yzmcms 2026-06-17 N/A 6.5 MEDIUM
Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function.
CVE-2020-20468 1 White Shark Systems Project 1 White Shark Systems 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can use the user_edit_password.php file to modify the user password.
CVE-2020-20343 1 Wtcms Project 1 Wtcms 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background.
CVE-2020-1977 1 Paloaltonetworks 1 Expedition Migration Tool 2026-06-17 6.8 MEDIUM 7.5 HIGH
Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier versions.
CVE-2020-1103 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
CVE-2020-19964 1 Phpmywind 1 Phpmywind 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
CVE-2020-19951 1 Yzmcms 1 Yzmcms 2026-06-17 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application.
CVE-2020-19889 1 Dbhcms Project 1 Dbhcms 2026-06-17 6.8 MEDIUM 8.8 HIGH
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user.
CVE-2020-19886 1 Dbhcms Project 1 Dbhcms 2026-06-17 4.3 MEDIUM 8.1 HIGH
DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu.
CVE-2020-19803 1 Doyocms Project 1 Doyocms 2026-06-17 N/A 8.8 HIGH
Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the background system settings.
CVE-2020-19682 1 Zzzcms 1 Zzzcms 2026-06-17 6.8 MEDIUM 8.8 HIGH
A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php.
CVE-2020-19669 1 Eyoucms 1 Eyoucms 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3.6 that can add an admin account via /login.php?m=admin&c=Admin&a=admin_add&lang=cn.
CVE-2020-19639 1 Insma 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI.
CVE-2020-19280 1 Jeesns 1 Jeesns 2026-06-17 6.8 MEDIUM 8.8 HIGH
Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations.
CVE-2020-19278 1 Mm-wiki Project 1 Mm-wiki 2026-06-17 N/A 8.8 HIGH
Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter.
CVE-2020-19268 1 Dswjcms Project 1 Dswjcms 2026-06-17 3.5 LOW 5.7 MEDIUM
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users.
CVE-2020-19264 1 Mipcms 1 Mipcms 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.
CVE-2020-19263 1 Mipcms 1 Mipcms 2026-06-17 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily escalate user privileges to administrator via index.php?s=/user/ApiAdminUser/itemEdit.
CVE-2020-19199 1 Phpok 1 Phpok 2026-06-17 6.8 MEDIUM 8.8 HIGH
A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.
CVE-2020-19159 1 Laiketui 1 Laiketui 2026-06-17 6.8 MEDIUM 8.8 HIGH
Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.