Lucene search

GitHub_MCVELIST:CVE-2020-15263

HistoryOct 19, 2020 - 8:35 p.m.

CVE-2020-15263 XSS in platform

2020-10-1920:35:17

CWE-79

GitHub_M

www.cve.org

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.5%

JSON

In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.

CNA Affected

[
  {
    "product": "platform",
    "vendor": "orchidsoftware",
    "versions": [
      {
        "status": "affected",
        "version": ">= 9.0.0, < 9.4.4"
      }
    ]
  }
]

References

github.com/orchidsoftware/platform/commit/03f9a113b1a70bc5075ce86a918707f0e7d82169

github.com/orchidsoftware/platform/security/advisories/GHSA-589w-hccm-265x

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.5%

JSON

Related for CVELIST:CVE-2020-15263