5.4
CVE-2020-12082
- EPSS 0.44%
- Veröffentlicht 17.09.2021 18:15:07
- Zuletzt bearbeitet 21.11.2024 04:59:14
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Flexera ≫ Flexnet Code Insight Version >= 7.0.0 <= 7.11.0-64
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.35 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://community.flexera.com/t5/Code-Insight-Knowledge-Base/CVE-2020-12082-Remediated-in-Code-Insight/ta-p/169353