CVE-2020-16270
CVE-2020-16270 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. OLIMPOKS before 3.3.39 allows XSS via the Auth/Admin ErrorMessage. A remote attacker can use the vulnerability to inject a malicious JavaScript payload into victims' browsers in the context of the vulnerable application. EPSS estimates a 13.11% chance of exploitation in the next 30 days.
Description
OLIMPOKS before 3.3.39 allows XSS via the Auth/Admin ErrorMessage. A remote attacker can use the vulnerability to inject a malicious JavaScript payload into victims' browsers in the context of the vulnerable application. The executed code can be used to steal the administrator's cookies, alter the HTML content of the targeted application and perform phishing-related attacks. The vulnerable application is used in more than 3000 organizations in sectors ranging from retail to industry.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Olimpoks | Olimpok | < 3.3.39 |
References
- https://bdu.fstec.ru/vul/2020-04623 (Third Party Advisory)
- https://github.com/Security-AVS/CVE-2020-16270 (Third Party Advisory)
- https://olimpoks.ru/oks/forum/olimpoks5.php (Product, Vendor Advisory)
Source: NVD / NIST
