6 matches found
CVE-2020-20142
Cross Site Scripting XSS vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17...
Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS
Exploit Title: Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS Date: 08/01/2020 Exploit Author: Marco Nappi Vendor Homepage: https://www.flexmonster.com/ Version:Flexmonster Pivot Table & Charts 2.7.17 Tested on:Flexmonster Pivot Table & Charts 2.7.17 CVE : CVE-2020-20142...
CVE-2020-20142
creationtimestamp| type| source ---|---|--- 2020-12-18 02:43:20+00:00| seen| https://t.me/cibsecurity/21039 2024-11-14 06:07:34+00:00| seen| MISP/73393f6e-2f3f-446f-9012-84b70b6cdbf1...
CVE-2020-20142
Cross Site Scripting XSS vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17...
CVE-2020-20142
Cross Site Scripting XSS vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17...
CVE-2020-20142
The provided connected sources confirm CVE-2020-20142 affects Flexmonster Pivot Table & Charts 2.7.17, specifically the "+To Remote CSV" component under the Open menu. The root cause is a reflected XSS due to insufficient input sanitization of the 'path' parameter when fetching file specification...