PatchSiren

Bloofox CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Bloofox CVE published 2026-05-16

CVE-2020-37241

CVE-2020-37241 describes a cross-site request forgery issue in bloofoxCMS 0.5.2.1. If an authenticated administrator visits a malicious page, an attacker can cause unwanted administrative actions, including adding a new admin account with attacker-chosen credentials. NVD and the supplied VulnCheck references associate the issue with CWE-352 and cite the bloofoxCMS 0.5.2.1 release and an advisory/exploit r [truncated]