CVE-2020-5533 — Cross-site Scripting in Aterm Wg2600hs Firmware

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 37.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NEC Aterm Wg2600hs Firmware NEC Corporation Aterm Wg2600hs

Timeline

PublishedFeb 21

Latest updateMay 24

Description

Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDnec/aterm_wg2600hs_firmware1.3.2

▶CVEListV5nec_corporation/aterm_wg2600hsfirmware Ver1.3.2 and earlier

🔴Vulnerability Details

GHSA

GHSA-rhgf-c9m6-xg7c: Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1↗2022-05-24

▶

CVEList

CVE-2020-5533: Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1↗2020-02-21

▶

📋Vendor Advisories

Oracle

Oracle Oracle Retail Applications Risk Matrix: Point of Sale (JasperReports) — CVE-2017-5533↗2020-04-15

▶

💬Community

Bugzilla

CVE-2020-10695 containers/redhat-sso-7: /etc/passwd is given incorrect privileges↗2020-03-26

▶