{"vulnerability": "CVE-2020-9388", "sightings": [{"uuid": "874d4043-c853-43e7-b3b2-e55ef7b77425", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-9388", "type": "seen", "source": "https://t.me/cibsecurity/23036", "content": "\u203c CVE-2020-9388 \u203c\n\nCSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-03T22:35:52.000000Z"}]}