PT-2020-13932 · Divebook · Divebook Plugin

Published

2020-12-08

Updated

2020-12-10

CVE-2020-14206

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions DiveBook plugin version 1.1.4

Description The issue concerns an unauthenticated XSS within the filter function, which can be exploited via an arbitrary parameter.

Recommendations For version 1.1.4, consider disabling the filter function until a patch is available. Restrict access to the arbitrary parameter to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-14206

Affected Products

Divebook Plugin

PT-2020-13932 · Divebook · Divebook Plugin

CVE-2020-14206

Weakness Enumeration

Related Identifiers

Affected Products

References · 5