← voltar
CVE-2020-9388

CVE-2020-9388

EPSS 0.8%
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://scomsupport.squaredup.com/hc/en-us/articles/8862921957533-CVE-2020-9388-API-Endpoints-are-not-protected-against-CSRFhttps://support.squaredup.com/hc/en-us/articles/360017568238https://support.squaredup.com/hc/en-us/articles/360019427218-CVE-2020-9388-API-Endpoints-are-not-protected-against-CSRF