CVE-2020-27515
Published 2020-12-26
CVE-2020-27515: A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field.
Priority: P4 · 25 · medium · 6.1 · CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.31% (67.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| techkshetrainfo | savsoft_quiz | — | — |
CVSS provenance
nvd · v3.1 · 6.1 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 5.3 · MEDIUM
GHSA
GHSA-9j28-98vj-rxx9: A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5
ghsa_unreviewed·2022-05-24
CVE-2020-27515 [MEDIUM] CWE-79 GHSA-9j28-98vj-rxx9: A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5
A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field.
Red Hat
nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise
vendor_redhat·2021-02-22·CVSS 5.3
CVE-2021-27515 [MEDIUM] CWE-1286 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
An input validation flaw exists in node.js-url-parse, which results in the URL being incorrectly set to the document location protocol instead of the URL being passed as an argument. This flaw allows an attacker to bypass security checks on URLs. The highest threat from this vulnerability is to integrity. This is an incomplete fix for CVE-2020-8124.
Package: servicemesh-grafana (OpenShift Service Mesh 2.0) - Not affected
Package: servicemesh-prometheus (OpenShift Service Mesh 2.0) - Not affected
Package: rhacm2/console-rhel8 (Red Hat Advanced Cluster Management for Kuber
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-12-26