CVE-2021-20660

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.6%

top 30.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contec Sv-cpt-mc310 Firmware Contec Co., Ltd. Solarview Compact

Timeline

PublishedFeb 24

Latest updateMay 24

Description

Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5contec_co.,_ltd./solarview_compactSV-CPT-MC310 prior to Ver.6.5

▶NVDcontec/sv-cpt-mc310_firmware< 6.5

🔴Vulnerability Details

GHSA

GHSA-6473-48q6-rp78: Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver↗2022-05-24

▶

CVEList

CVE-2021-20660: Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver↗2021-02-24

▶