CVE-2020-13168

Опубликовано: 02 окт. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.

Ссылки

https://github.com/lodestone-security/CVEs/tree/master/CVE-2020-13168
Exploit
Third Party Advisory
https://www.sysaid.com/product/on-premise/latest-release
Product
Vendor Advisory
https://github.com/lodestone-security/CVEs/tree/master/CVE-2020-13168
Exploit
Third Party Advisory
https://www.sysaid.com/product/on-premise/latest-release
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sysaid:sysaid_on-premises:5.0:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:5.5.06:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:5.6:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:6.0.9:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:6.5:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:7.0:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:7.5:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:8.0:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:8.1:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:8.5:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:9.0.10:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:9.0.30:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:9.0.40:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:9.0.52:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:9.0.53:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:9.1.0:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:14.1:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:14.2:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:14.3:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:14.4.00:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:14.4.1:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:14.4.2:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:14.4.3:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:15.1.20:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:15.1.30:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:15.1.50:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:15.1.70:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:15.2.03:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:15.2.04:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:15.2.05:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:16.3.16:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:16.3.17:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:17.2.03:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:17.3.57:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:18.1.54:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:19.2:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaid_on-premises:19.4:*:*:*:*:*:*:*

cpe:2.3:a:sysaid:sysaidsy_on-premises:20.1.11:b26:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00532

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-gcjv-q27m-w6qm

github

больше 3 лет назад