CWE-352

An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.

An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php.

An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI.

Xiao5uCompany 1.7 has CSRF via admin/Admin.asp.

zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI.

Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.