CVE-2020-29653

Sažetak

Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.

Reference

https://github.com/Froxlor/Froxlor/security/advisories
https://nozero.io/en/cve-2020-29653-froxlor-html-injection-dangling-markup/
https://github.com/Froxlor/Froxlor/commits/master

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

20-04-2022 - 16:22

Objavljeno

13-04-2022 - 13:15