CVE-2020-23617

EPSS 0.2%
Published 02.05.2022 23:15:07
Last modified 21.11.2024 05:13:56
Source cve@mitre.org
Teams watchlist Login
Open Login

A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Totolink ≫ N200re Firmware Version2.0

Totolink ≫ N200re Version-

Totolink ≫ N100re Firmware Version2.0

Totolink ≫ N100re Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.2%	0.419

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://totolink.net/

Product

https://gist.github.com/fuzzKitty/8ca2587213874e94e5c0aedf346c18b1

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-23617

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-23617

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-23617

EUVD