Lucene search

[email protected]CVE-2020-28722

HistoryMay 12, 2021 - 8:15 p.m.

CVE-2020-28722

2021-05-1220:15:07

CWE-79

[email protected]

web.nvd.nist.gov

deskpro

cloud platform

on-premise

2020.2.3.48207

xss

vulnerability

email templates

nvd

cve-2020-28722

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.0%

JSON

Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 contains a cross-site scripting (XSS) vulnerability that can lead to an account takeover via custom email templates.

Affected configurations

NVD

Node

deskprodeskproRange2020-07-30–2020.2.3.48207cloud

deskprodeskproRange2020-07-30–2020.2.3.48207on-premise

CPENameOperatorVersion
deskpro:deskprodeskprole2020.2.3.48207

CPE	Name	Operator	Version
deskpro:deskpro	deskpro	le	2020.2.3.48207

References

www.r29k.com/articles/bb/stored-xss-in-deskpro

Social References

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for CVE-2020-28722

cvelist1 nvd1 prion1