Lucene search
SnykCVELIST:CVE-2020-28470HistoryJan 14, 2021 - 9:35 a.m.
CVE-2020-28470 Cross-site Scripting (XSS)
2021-01-1409:35:14
snyk
www.cve.org
4
cve
xss
json.stringify
html page
security vulnerability
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
EPSS
0.001
Percentile
36.1%
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.
CNA Affected
[
{
"product": "@scullyio/scully",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2020-28470
2021-01-14 10:15:13
veracode
veracode
Cross-Site Scripting (XSS)
2021-01-15 05:30:30
osv
osv
Cross-site Scripting (XSS) in @scullyio/scully
2021-04-13 15:28:01
prion
prion
Design/Logic Flaw
2021-01-14 10:15:00
github
github
Cross-site Scripting (XSS) in @scullyio/scully
2021-04-13 15:28:01
cve
cve
CVE-2020-28470
2021-01-14 10:15:13
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
EPSS
0.001
Percentile
36.1%
Related for CVELIST:CVE-2020-28470