CVE-2020-29653

Опубликовано: 13 апр. 2022

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.

Ссылки

https://github.com/Froxlor/Froxlor/commits/master
Patch
Third Party Advisory
https://github.com/Froxlor/Froxlor/security/advisories
Not Applicable
Third Party Advisory
https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/
Exploit
Third Party Advisory
https://github.com/Froxlor/Froxlor/commits/master
Patch
Third Party Advisory
https://github.com/Froxlor/Froxlor/security/advisories
Not Applicable
Third Party Advisory
https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*

Версия до 0.10.22 (включая)

EPSS

Процентиль: 56%

0.00331

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-29653

CVSS3: 6.1

debian

почти 4 года назад

Froxlor through 0.10.22 does not perform validation on user input pass ...

GHSA-j739-gw6q-f4c7

CVSS3: 6.1

github

почти 4 года назад

HTML Injection in Froxlor

EPSS

Процентиль: 56%

0.00331

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79