Description
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2020-23920 | In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T17:23:10.489Z
Reserved: 2021-06-17T00:00:00.000Z
Link: CVE-2020-36389
No data.
Status : Modified
Published: 2021-06-17T19:15:07.827
Modified: 2026-06-17T03:15:23.800
Link: CVE-2020-36389
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-352
Cross-Site Request Forgery (CSRF)
EUVD