CVE-2020-9388
N/A
N/A
Summary
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://support.squaredup.com/hc/en-us/articles/360017568238
- https://support.squaredup.com/hc/en-us/articles/360019427218-CVE-2020-9388-API-Endpoints-are-not-protected-against-CSRF
- https://scomsupport.squaredup.com/hc/en-us/articles/8862921957533-CVE-2020-9388-API-Endpoints-are-not-protected-against-CSRF
References
- https://support.squaredup.com/hc/en-us/articles/360017568238
- https://support.squaredup.com/hc/en-us/articles/360019427218-CVE-2020-9388-API-Endpoints-are-not-protected-against-CSRF
- https://scomsupport.squaredup.com/hc/en-us/articles/8862921957533-CVE-2020-9388-API-Endpoints-are-not-protected-against-CSRF
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.