Lucene search
GoogleOSV:CVE-2020-21485HistoryJun 20, 2023 - 3:15 p.m.
CVE-2020-21485
2023-06-2015:15:11
Google
osv.dev
4
cve-2020-21485
cross site scripting
alluxio
remote attacker
arbitrary code
path parameter
browse board component
security vulnerability
software
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.1%
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.
References
Related
nvd
nvd
CVE-2020-21485
2023-06-20 15:15:11
github
github
Alluxio Cross Site Scripting vulnerability
2023-06-20 15:31:09
cvelist
cvelist
CVE-2020-21485
2023-06-20 00:00:00
osv
osv
Alluxio Cross Site Scripting vulnerability
2023-06-20 15:31:09
veracode
veracode
Cross-Site Scripting (XSS)
2023-06-28 11:48:11
cve
cve
CVE-2020-21485
2023-06-20 15:15:11
prion
prion
Cross site scripting
2023-06-20 15:15:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.1%
Related for OSV:CVE-2020-21485