CVE-2020-28858
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentional
CVSS
8.8
High
EPSS
1.0%
p60
KEV
—
Exploit Today
18
0-100
Published: Dec 14, 2020 · Last modified: Jul 9, 2026 · CWE-352
1.0%EPSS · 30 days1.1%
2026-06-302026-07-16
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.
- packetstormsecurity.comhttp://packetstormsecurity.com/files/160458/OpenAsset-Digital-Asset-Management-Cross-Site-Request-Forgery.html
- seclists.orghttp://seclists.org/fulldisclosure/2020/Dec/19
- www.themissinglink.com.auhttps://www.themissinglink.com.au/security-advisories-cve-2020-28858
- packetstormsecurity.comhttp://packetstormsecurity.com/files/160458/OpenAsset-Digital-Asset-Management-Cross-Site-Request-Forgery.html
- seclists.orghttp://seclists.org/fulldisclosure/2020/Dec/19
- www.themissinglink.com.auhttps://www.themissinglink.com.au/security-advisories-cve-2020-28858
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2008-41284.3 MED97.6%
KEV—79Cisco IOS Cross-Site Request Forgery Vulnerability3dCVE-2019-135298.8 HIG86.2%
——26An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.3dCVE-2020-183268.8 HIG80.4%
——24Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.8dCVE-2020-218848.8 HIG63.1%
——19Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device.8dCVE-2020-275748.8 HIG50.8%
——15Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user.8dCVE-2022-261738.8 HIG47.9%
——14JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts.8d