Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-2AFEE0E710736F4BDF2B670CF82BDB38

HistoryOct 08, 2020 - 12:00 a.m.

Cross-site Scripting

2020-10-0800:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.3%

JSON

Users of the HAPI FHIR Testpage Overlay can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user’s browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believed to be widely used for any production purposes.

Affected configurations

Vulners

Node

mavenhapi-fhir-testpage-overlayRange≤5.0.0

CPENameOperatorVersion
maven/ca.uhn.hapi.fhir/hapi-fhir-testpage-overlayle5.0.0

CPE	Name	Operator	Version
	maven/ca.uhn.hapi.fhir/hapi-fhir-testpage-overlay	le	5.0.0

References

nvd.nist.gov/vuln/detail/CVE-2020-24301

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.3%

JSON

Related for GITLAB-2AFEE0E710736F4BDF2B670CF82BDB38