Lucene search
SnykCVELIST:CVE-2020-7747HistoryOct 20, 2020 - 10:25 a.m.
CVE-2020-7747 Cross-site Scripting (XSS)
2020-10-2010:25:15
snyk
www.cve.org
2
cve-2020-7747
lightning-server
xss vulnerability
javascript injection
session controller
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:P/RL:U/RC:C
EPSS
0.001
Percentile
41.5%
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.
CNA Affected
[
{
"product": "lightning-server",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
github
github
Cross-site Scripting in lightning-server
2021-05-10 18:39:15
veracode
veracode
Cross-site Scripting (XSS)
2020-10-21 06:21:05
osv
osv
Cross-site Scripting in lightning-server
2021-05-10 18:39:15
prion
prion
Code injection
2020-10-20 11:15:00
cve
cve
CVE-2020-7747
2020-10-20 11:15:12
nvd
nvd
CVE-2020-7747
2020-10-20 11:15:12
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:P/RL:U/RC:C
EPSS
0.001
Percentile
41.5%
Related for CVELIST:CVE-2020-7747