CVE-2020-9388

CVE-2020-9388

CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.

Source: CVE-2020-9388

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다