CVE-2019-20381

Опубликовано: 20 янв. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491.

Ссылки

http://mantis.testlink.org/view.php?id=8808
Issue Tracking
Third Party Advisory
https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/cde692895e425731e6951d265a01ca6425a7c26e
Patch
Third Party Advisory
https://github.com/TestLinkOpenSourceTRMS/testlink-code/compare/1.9.19...1.9.20
Third Party Advisory
http://mantis.testlink.org/view.php?id=8808
Issue Tracking
Third Party Advisory
https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/cde692895e425731e6951d265a01ca6425a7c26e
Patch
Third Party Advisory
https://github.com/TestLinkOpenSourceTRMS/testlink-code/compare/1.9.19...1.9.20
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:testlink:testlink:*:*:*:*:*:*:*:*

Версия до 1.9.20 (исключая)

EPSS

Процентиль: 61%

0.00419

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-4m79-5wgf-hgr6