Vulnerabilities (CVE)

Filtered by CWE-352
Total 6085 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-24982 1 Quadbase 1 Espressdashboard 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account.
CVE-2020-24922 1 Xuxueli 1 Xxl-job 2024-11-21 N/A 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.
CVE-2020-24847 1 Fruitywifi Project 1 Fruitywifi 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_passphrase.
CVE-2020-24740 1 Pluck-cms 1 Pluck 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage
CVE-2020-24739 1 Idreamsoft 1 Icms 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.
CVE-2020-24570 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.
CVE-2020-24373 1 Free 10 Freebox Delta, Freebox Delta Firmware, Freebox Mini and 7 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
CVE-2020-24271 1 Easycms 1 Easycms 2024-11-21 6.8 MEDIUM 8.8 HIGH
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***.
CVE-2020-24130 1 Ponzu-cms 1 Ponzu 2024-11-21 4.3 MEDIUM 8.1 HIGH
A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts.
CVE-2020-24033 1 Fs 2 S3900 24t4s, S3900 24t4s Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escalated privileges.
CVE-2020-23960 1 Fork-cms 1 Fork Cms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale.
CVE-2020-23837 1 Multi User Project 1 Multi User 2024-11-21 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.
CVE-2020-23836 1 Oswapp 1 Warehouse Inventory System 2024-11-21 6.8 MEDIUM 8.8 HIGH
A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site.
CVE-2020-23830 1 Stock Management System Project 1 Stock Management System 2024-11-21 5.8 MEDIUM 7.1 HIGH
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.
CVE-2020-23824 1 Argosoft 1 Mail Server 2024-11-21 6.8 MEDIUM 8.8 HIGH
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) for perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if the admin/user admin opens a website with the malicious page that will run the CSRF.
CVE-2020-23686 1 Ayacms Project 1 Ayacms 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.
CVE-2020-23631 1 Wdja 1 Wdja Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter.
CVE-2020-23595 1 Yzmcms 1 Yzmcms 2024-11-21 N/A 8.8 HIGH
Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint.
CVE-2020-23593 1 Optilinknetwork 2 Op-xt71000n, Op-xt71000n Firmware 2024-11-21 N/A 6.5 MEDIUM
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through ' /mgm_log_cfg.asp.' The system starts to log events, 'Remote' mode or 'Both' mode on "Syslog -- Configuration page" logs events and sends to remote syslog server IP and Port.
CVE-2020-23592 1 Optilinknetwork 2 Op-xt71000n, Op-xt71000n Firmware 2024-11-21 N/A 8.8 HIGH
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Reset ONU to Factory Default through ' /mgm_dev_reset.asp.' Resetting to default leads to Escalation of Privileges by logging-in with default credentials.