CVE-2020-28403
HIGHStar Practice Management Web 2019.2.0.6 - Cross-Site Request Forgery
Title source: llmDescription
A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application.
References (3)
Core 3
Core References
Various Sources
https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-28403
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/CVE-2020-28403
Scores
CVSS v3
8.0
EPSS
0.0066
EPSS Percentile
47.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
iris/star
2019.2.0.6
Published
Jan 29, 2021
Tracked Since
Feb 18, 2026