Vulnerability Description
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in an HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squaredup | Squaredup | < 4.6 |
Related Weaknesses (CWE)
References
- https://scomsupport.squaredup.com/hc/en-us/articles/8862921957533-CVE-2020-9388-
- https://support.squaredup.com/hc/en-us/articles/360017568238 (Vendor Advisory, broken link)
- https://support.squaredup.com/hc/en-us/articles/360019427218-CVE-2020-9388-API-E (Vendor Advisory, broken link)
FAQ
What is CVE-2020-9388?
CVE-2020-9388 is a vulnerability with a CVSS score of 6.5 (MEDIUM). CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in an HTML dashboard tile via a crafted HTML page,...
How severe is CVE-2020-9388?
CVE-2020-9388 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-9388?
Check the references section above for vendor advisories and patch information. Affected products include: Squaredup Squaredup.