Lucene search

[email protected]CVE-2020-35262

HistoryJan 06, 2021 - 10:15 p.m.

CVE-2020-35262

2021-01-0622:15:12

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-35262

cross site scripting

xss

digisol

dg-hr3400

ntp server

time and date module

url filter

keyword

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

42.4%

JSON

Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and “Keyword” in URL Filter.

Affected configurations

NVD

Node

digisoldg-hr3400_firmwareMatch-

AND

digisoldg-hr3400Match-

CPENameOperatorVersion
digisol:dg-hr3400_firmwaredigisol dg-hr3400 firmwareeq-

CPE	Name	Operator	Version
digisol:dg-hr3400_firmware	digisol dg-hr3400 firmware	eq	-

References

digisol.com

github.com/the-girl-who-lived/CVE-2020-35262

youtu.be/E5wEzf-gkOE

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

42.4%

JSON

Related for CVE-2020-35262

prion1 nvd1 githubexploit1 cvelist1