CVE-2020-16246

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
20/10/2020
Last modified:
16/11/2020

Description

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:ge:s2020_firmware:*:*:*:*:*:*:*:* 07a06 (excluding)
cpe:2.3:h:ge:s2020:-:*:*:*:*:*:*:*
cpe:2.3:o:ge:s2024_firmware:*:*:*:*:*:*:*:* 07a06 (excluding)
cpe:2.3:h:ge:s2024:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools