2 matches found
CVE-2020-5620
Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file...
CVE-2020-5620
Exment prior to v3.6.0 is vulnerable to stored cross-site scripting (via a crafted file or certain inputs). The root cause is improper input sanitization (CWE-79) that allows an arbitrary script to run in a logged-in user’s browser. Affected product: Exment; affected versions: before 3.6.0. Impac...