Zurück zur CVE-Übersicht
CVE-2020-20586
MEDIUM(4.5)CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
Risk Signal Score11/100 — NIEDRIG
- CVSS 4.5 — Mittel
EPSS-Score
1%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
4.5
Technische Schwere
Beschreibung
A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.