Lucene search
GoogleOSV:CVE-2020-7011HistoryJun 03, 2020 - 6:15 p.m.
CVE-2020-7011
2020-06-0318:15:22
Google
osv.dev
5
Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victimΓ―ΒΏΒ½s web browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| app-search-php | eq | 7.3.0 | |
| app-search-php | eq | 1.0.0 | |
| app-search-php | eq | 7.6.0 | |
| app-search-php | eq | 7.2.0 | |
| app-search-php | eq | 1.0.2 | |
| app-search-php | eq | 7.5.0 | |
| app-search-php | eq | 7.4.0 | |
| app-search-php | eq | 1.0.1 |
References
Related
redhatcve
redhatcve
CVE-2020-7011
2020-06-19 13:25:15
ubuntucve
ubuntucve
CVE-2020-7011
2020-06-03 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-06-04 03:54:25
nvd
nvd
CVE-2020-7011
2020-06-03 18:15:22
cvelist
cvelist
CVE-2020-7011
2020-06-03 17:55:43
cve
cve
CVE-2020-7011
2020-06-03 18:15:22
prion
prion
Cross site scripting
2020-06-03 18:15:00