CVE-2020-35228

CWE-79 ā€” Cross-site Scripting (XSS)4 documents4 sources
Severity
4.8MEDIUM
EPSS
0.2%
top 61.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netgear Gs116e FirmwareNetgear Jgs516pe Firmware
Timeline
PublishedMar 10
Latest updateMay 24

Description

A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the language parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

ā–¶NVDnetgear/jgs516pe_firmware2.6.0.43
ā–¶NVDnetgear/gs116e_firmware2.6.0.43

šŸ”“Vulnerability Details

2
GHSA
GHSA-2mhf-732c-q449: A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2ā†—2022-05-24
ā–¶
CVEList
CVE-2020-35228: A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2ā†—2021-03-10
ā–¶

šŸ”Detection Rules

1
Suricata
ET EXPLOIT Netgear ProSAFE Plus Stored XSS Inbound (CVE-2020-35228)ā†—2021-03-11
ā–¶
CVE-2020-35228 (MEDIUM CVSS 4.8) | A cross-site scripting (XSS) vulner | cvebase.io