CVE-2020-28930

A Cross-Site Scripting XSS issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 21.0.11 allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator...

CVE-2020-28930

CVE-2020-28930 is an XSS flaw in EPSON EPS TSE Server 8 (21.0.11) affecting the settings/users.php “update user” and “delete user” paths. An authenticated attacker can inject JavaScript on the user management page that is executed by an administrator. The CVSSv3.1 base score is 5.4 (AV:N/AC:L/PR:...

CVE-2020-28929

Technical details about CVE-2020-28929 are not publicly provided in the supplied documents; monitor for updates from sources to determine affected products, impact, and fixes.

EPSON EPS TSE Server Cross-Site Scripting Vulnerability

EPSON EPS TSE Server is a server from EPSON Japan. A cross-site scripting vulnerability exists in EPSON EPS TSE Server 8 that stems from a cross-site scripting XSS issue with the update user and delete user functions in settings users.php, which could be exploited by authenticated attackers to...