← voltar
CVE-2020-15263

XSS in platform

CVSS 8 HIGHEPSS 0.7%CWE-79
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 out 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Produtos afetados
orchidsoftware · platform

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/orchidsoftware/platform/commit/03f9a113b1a70bc5075ce86a918707f0e7d82169https://github.com/orchidsoftware/platform/security/advisories/GHSA-589w-hccm-265x