CVE-2020-8031

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 56.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opensuse Open Build Service
Timeline
PublishedFeb 11
Latest updateMay 24

Description

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:NExploitability: 2.1 | Impact: 4.2

Affected Packages3 packages

CVEListV5opensuse/open_build_serviceOpen Build Service2.10.8
Debianopen-build-service< 2.9.4-4

🔴Vulnerability Details

3
GHSA
GHSA-6g6q-c7q8-8r7m: A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to2022-05-24
CVEList
obs: Stored XSS2021-02-11
OSV
CVE-2020-8031: A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to2021-02-11

📋Vendor Advisories

1
Debian
CVE-2020-8031: open-build-service - A Improper Neutralization of Input During Web Page Generation ('Cross-site Scrip...2020
CVE-2020-8031 (MEDIUM CVSS 5.4) | A Improper Neutralization of Input | cvebase.io