CVE List by Type: CSRF (Filtered by Published Year)

Explore CVEs related to CSRF vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing CSRF CVEs published in 2020.

Showing 120 of 399 results

| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2018-16795 | OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file. | 8.8 | 0.02% | 2020-12-31 | 2024-11-21 |
| CVE-2020-35778 | Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. | 4.3 | 0.15% | 2020-12-30 | 2024-11-21 |
| CVE-2020-35773 | The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. | 8.8 | 0.14% | 2020-12-29 | 2024-11-21 |
| CVE-2020-35615 | An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability. | 6.3 | 0.00% | 2020-12-28 | 2024-11-21 |
| CVE-2020-26033 | An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check. | 5.4 | 0.05% | 2020-12-28 | 2024-11-21 |
| CVE-2020-35347 | CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. | 6.5 | 0.06% | 2020-12-26 | 2024-11-21 |
| CVE-2020-26766 | A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1. | 8.8 | 0.10% | 2020-12-26 | 2024-11-21 |
| CVE-2020-35677 | BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the payload. One might think this completely mitigates the privilege-escalation impact as there is only one high-privileged role. However, it was discovered that the endpoint responsible for creating the group | 4.8 | 0.11% | 2020-12-24 | 2024-11-21 |
| CVE-2020-35269 | Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers. | 8.8 | 1.34% | 2020-12-23 | 2024-11-21 |
| CVE-2020-35626 | An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php. | 8.8 | 0.10% | 2020-12-21 | 2024-11-21 |
| CVE-2020-35273 | EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account. | 8.0 | 0.16% | 2020-12-21 | 2024-11-21 |
| CVE-2020-7201 | A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery (CSRF). | 8.8 | 0.18% | 2020-12-18 | 2024-11-21 |
| CVE-2020-4764 | IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898. | 6.5 | 0.05% | 2020-12-18 | 2024-11-21 |
| CVE-2020-13527 | An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | 4.5 | 0.09% | 2020-12-18 | 2024-11-21 |
| CVE-2020-8465 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. | 9.8 | 0.18% | 2020-12-17 | 2024-11-21 |
| CVE-2020-8461 | A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token. | 8.8 | 0.23% | 2020-12-17 | 2024-11-21 |
| CVE-2020-25095 | LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site WebSocket Hijacking (CSWH). If a logged-in PM user visits a malicious site in the same browser session, that site can perform a CSRF attack to create a WebSocket from the victim client to the vulnerable PM server. Once the socket is created, the malicious site can interact with the vulnerable web server in the context of the logged-in user. This can include WebSocket payloads that result in command e | 8.8 | 0.37% | 2020-12-17 | 2024-11-21 |
| CVE-2020-4904 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 | 0.05% | 2020-12-16 | 2024-11-21 |
| CVE-2020-28931 | Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website. | 8.8 | 0.37% | 2020-12-16 | 2024-11-21 |
| CVE-2019-14481 | AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client. Successful exploitation requires a logged-in user to open a malicious page and leads to account takeover. | 5.4 | 0.07% | 2020-12-16 | 2024-11-21 |
cvelogic Threat Intelligence