Medium severity6.5NVD Advisory· Published Feb 3, 2021· Updated Jun 17, 2026
CVE-2020-9388
CVE-2020-9388
Description
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- SquaredUp/SquaredUpdescription
Patches
Vulnerability mechanics
References
3- support.squaredup.com/hc/en-us/articles/360017568238nvdBroken LinkVendor Advisory
- support.squaredup.com/hc/en-us/articles/360019427218-CVE-2020-9388-API-Endpoints-are-not-protected-against-CSRFnvdBroken LinkVendor Advisory
- scomsupport.squaredup.com/hc/en-us/articles/8862921957533-CVE-2020-9388-API-Endpoints-are-not-protected-against-CSRFnvd
News mentions
0No linked articles in our index yet.