3.5
CVE-2020-14525
- EPSS 0.08%
- Veröffentlicht 18.09.2020 18:15:16
- Zuletzt bearbeitet 04.06.2025 22:15:23
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginPhilips Clinical Collaboration Platform Improper Neutralization of Script in Attributes in a Web Page
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Philips ≫ Clinical Collaboration Platform Version <= 12.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.226 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 2.1 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 2.7 | 5.1 | 2.9 |
AV:A/AC:L/Au:S/C:P/I:N/A:N
|
| ics-cert@hq.dhs.gov | 3.5 | 2.1 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-83 Improper Neutralization of Script in Attributes in a Web Page
The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.