CVE-2020-19295

Beschreibung:
A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML.

CWE: CWE-79 CWE-259 CWE-522

CVSS-Bewertung
CVSS 2: MEDIUM – 4.3 (Version: 2.0)
CVSS 3: MEDIUM – 6.1 (Version: 3.1)

Links:

NVD – CVE-2020-19295
CVE – CVE-2020-19295

Link (max. 20) Quelle Tags
https://www.seebug.org/vuldb/ssvid-97950 MISC Exploit Third Party Advisory
https://github.com/zchuanzhao/jeesns/issues/21 MISC Exploit Third Party Advisory
https://github.com/pomerium/pomerium/security/advisories/GHSA-cfc2-wjcm-c8fm CONFIRM
https://github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9 MISC

Quelle: NVD – CVE-2020-19295
Datum Veröffentlichung: 2021-09-09T23:15Z, Datum letzte Änderung: 2021-09-13T14:52Z