Lucene search
PRIOn knowledge basePRION:CVE-2020-28502HistoryMar 05, 2021 - 6:15 p.m.
Design/Logic Flaw
2021-03-0518:15:00
PRIOn knowledge base
www.prio-n.com
3
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.
| CPE | Name | Operator | Version |
|---|---|---|---|
| xmlhttprequest | lt | 1.7.0 |
Related
githubexploit
githubexploit
Exploit for Code Injection in Xmlhttprequest Project Xmlhttprequest
2021-05-12 12:11:03
veracode
veracode
Arbitrary Code Execution
2021-03-08 05:03:56
cvelist
cvelist
CVE-2020-28502 Arbitrary Code Injection
2021-03-05 00:00:00
debiancve
debiancve
CVE-2020-28502
2021-03-05 18:15:12
github
github
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
2021-05-04 18:02:34
nodejs
nodejs
Arbitrary Code Injection
2021-05-04 18:18:00
osv
osv
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
2021-05-04 18:02:34
CVE-2020-28502
2021-03-05 18:15:12
cve
cve
CVE-2020-28502
2021-03-05 18:15:12
nvd
nvd
CVE-2020-28502
2021-03-05 18:15:12
ibm
ibm
ubuntucve
ubuntucve
CVE-2020-28502
2021-03-05 00:00:00
redhatcve
redhatcve
CVE-2020-28502
2021-03-05 20:58:13