CVE-2020-14042

Опубликовано: 25 авг. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors."

Ссылки

https://advisory.checkmarx.net/advisory/CX-2020-4278
Exploit
Third Party Advisory
https://github.com/Codiad/Codiad/blob/master/README.md
Third Party Advisory
https://github.com/Codiad/Codiad/issues/1122
Exploit
Issue Tracking
Third Party Advisory
https://advisory.checkmarx.net/advisory/CX-2020-4278
Exploit
Third Party Advisory
https://github.com/Codiad/Codiad/blob/master/README.md
Third Party Advisory
https://github.com/Codiad/Codiad/issues/1122
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codiad:codiad:*:*:*:*:*:*:*:*

Версия от 1.7.8 (включая)

EPSS

Процентиль: 56%

0.00336

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-g2x4-256v-5pvx