Lucene search

[email protected]CVE-2020-26885

HistoryJun 07, 2021 - 4:15 a.m.

CVE-2020-26885

2021-06-0704:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-26885

2sic 2sxc

xss

vulnerability

javascript payload

browser security

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

52.0%

JSON

An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim’s browser.

Affected configurations

NVD

Node

2sic2sxcRange8.00.00–11.22.00

CPENameOperatorVersion
2sic:2sxc2sic 2sxclt11.22.00

CPE	Name	Operator	Version
2sic:2sxc	2sic 2sxc	lt	11.22.00

References

burninatorsec.blogspot.com/2021/04/cve-2020-26885-xss-in-2sxc.html?m=1

2SXC.org/en/blog/post/2sxc-security-notification-2021-001

burninatorsec.blogspot.com/2020/10/cve-2020-26885-xss-in-anchor-tags.html

github.com/2sic/2sxc/releases

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

52.0%

JSON

Related for CVE-2020-26885

cvelist1 nvd1 prion1 osv1