CVE-2020-14294

Опубликовано: 02 окт. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board.

Ссылки

http://seclists.org/fulldisclosure/2020/Sep/50
Exploit
Mailing List
Third Party Advisory
https://github.com/patrickhener/CVE-2020-14294
Third Party Advisory
https://www.qiata.com
Product
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-024.txt
Exploit
Third Party Advisory
https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata
Third Party Advisory
http://seclists.org/fulldisclosure/2020/Sep/50
Exploit
Mailing List
Third Party Advisory
https://github.com/patrickhener/CVE-2020-14294
Third Party Advisory
https://www.qiata.com
Product
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-024.txt
Exploit
Third Party Advisory
https://www.syss.de/pentest-blog/syss-2020-024-und-syss-2020-025-zwei-schwachstellen-in-file-transfer-loesung-von-qiata
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:secudos:qiata_fta:*:*:*:*:*:*:*:*

Версия до 1.70.19 (включая)

EPSS

Процентиль: 69%

0.00615

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rrg8-mgx4-vjw8

github

больше 3 лет назад