Lucene search

[email protected]NVD:CVE-2020-15263

HistoryOct 19, 2020 - 9:15 p.m.

CVE-2020-15263

2020-10-1921:15:12

CWE-79

[email protected]

web.nvd.nist.gov

xss vulnerability

user input

security patch

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.3%

JSON

In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.

Affected configurations

Nvd

Node

orchidplatformRange9.0.0–9.4.4

VendorProductVersionCPE
orchidplatform*cpe:2.3:a:orchid:platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
orchid	platform	*	cpe:2.3:a:orchid:platform::::::::

References

github.com/orchidsoftware/platform/commit/03f9a113b1a70bc5075ce86a918707f0e7d82169

github.com/orchidsoftware/platform/security/advisories/GHSA-589w-hccm-265x

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.3%

JSON

Related for NVD:CVE-2020-15263

osv2 cvelist1 prion1 github1 veracode1 cve1