CVE-2020-28403

Published: Jan 29, 2021Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application.

Affected (1)

Products: Iris: Star

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Iris Star	Version 2019.2.0.6

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (5)

https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-28403

Source: cve@mitre.org

https://excellium-services.com/cert-xlm-advisory/CVE-2020-28403

Source: cve@mitre.org

Third Party Advisory

https://www.starpracticemanagement.com/

Source: cve@mitre.org

Product

https://excellium-services.com/cert-xlm-advisory/CVE-2020-28403

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.starpracticemanagement.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.