CVE-2020-5901
published 2020-07-01CVE-2020-5901: In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as…
critical9.6CVSS 3.1
AVNACLPRNUIRSCCHIHAH
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | nginx_controller | — | — |
| f5 | nginx_controller | — | — |
| f5 | nginx_controller | 3.3.0 – 3.4.0 | — |