CVE-2020-16246
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
20/10/2020
Last modified:
16/11/2020
Description
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:ge:s2020_firmware:*:*:*:*:*:*:*:* | 07a06 (excluding) | |
cpe:2.3:h:ge:s2020:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:ge:s2024_firmware:*:*:*:*:*:*:*:* | 07a06 (excluding) | |
cpe:2.3:h:ge:s2024:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page