exploitDog

CVE-2020-23050

Опубликовано: 22 окт. 2021

Источник: nvd

CVSS3: 8

CVSS2: 6

EPSS Низкий

Описание

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code.

Ссылки

https://cwe.mitre.org/data/definitions/79.html
Technical Description
https://www.vulnerability-lab.com/get_content.php?id=2215
Exploit
Third Party Advisory
https://cwe.mitre.org/data/definitions/79.html
Technical Description
https://www.vulnerability-lab.com/get_content.php?id=2215
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:taotesting:tao_assessment_platform:3.3.0:rc02:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00396

Низкий

8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-7qr5-9jjp-qxv8

CVSS3: 8

github

больше 3 лет назад

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code.

EPSS

Процентиль: 60%

0.00396

Низкий

8 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-74