{"id":"CVE-2020-28191","details":"The console in Togglz before 2.9.4 allows CSRF.","aliases":["GHSA-697v-pxg3-j262"],"modified":"2026-04-11T23:12:55.587570Z","published":"2022-12-26T22:15:10.387Z","related":["GHSA-697v-pxg3-j262"],"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-697v-pxg3-j262"},{"type":"FIX","url":"https://github.com/togglz/togglz/commit/ed66e3f584de954297ebaf98ea4a235286784707"},{"type":"FIX","url":"https://github.com/togglz/togglz/pull/495"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/togglz/togglz","events":[{"introduced":"0"},{"fixed":"655fc210a77c36057f1b3815bb2bfd6cd35254d8"},{"fixed":"ed66e3f584de954297ebaf98ea4a235286784707"}],"database_specific":{"cpe":"cpe:2.3:a:togglz:togglz:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.9.4"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["1.0.0.Alpha1","1.0.0.Alpha2","1.0.0.Alpha3","1.0.0.Alpha4","1.0.0.Alpha5","1.0.0.Alpha6","1.0.0.Final","1.1.0.Final","2.0.0.Alpha1","2.0.0.Beta1","2.0.0.Beta2","2.0.0.Final","2.0.0.RC1","2.1.0.Final","2.2.0.Final","2.3.0.Final","2.3.0.RC1","2.4.0.Final","2.4.0.RC1","2.5.0.Final","2.6.0.Final","2.7.0","2.7.1","2.7.2","2.8.0","2.9.0","2.9.1","2.9.2","2.9.3"],"database_specific":{"vanir_signatures_modified":"2026-04-11T23:12:55Z","vanir_signatures":[{"digest":{"line_hashes":["12207579817764205720094307330642010418","76383969403441108609025026498130498960","123289773922505499083256610594218990572","123496317571994318484413838353952234913","279274955540094229692798434998893336977","69387283049142711970176562609484687797","240297344135303215872978558451237412557","102026923242023653881673165940697898183","88230631937852424211219365011976606068","176938735394971359788005032572627991058","232339077217431613785497883405318464187","103991873706079500223884094718757065108","137498542003860960659483306970408141906","135999910451877975673340178759142617569","241401378363459846828343374613001452573","163398980764563056878386707268740059983"],"threshold":0.9},"signature_version":"v1","target":{"file":"console/src/main/java/org/togglz/console/handlers/edit/EditPageHandler.java"},"source":"https://github.com/togglz/togglz/commit/ed66e3f584de954297ebaf98ea4a235286784707","signature_type":"Line","id":"CVE-2020-28191-2ca2fe09","deprecated":false},{"digest":{"length":853,"function_hash":"103519041531238068259260245362167228932"},"signature_version":"v1","target":{"file":"console/src/main/java/org/togglz/console/handlers/edit/EditPageHandler.java","function":"process"},"source":"https://github.com/togglz/togglz/commit/ed66e3f584de954297ebaf98ea4a235286784707","signature_type":"Function","id":"CVE-2020-28191-7a3a53d3","deprecated":false}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28191.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}