PT-2020-14146 · Artica · Artica Proxy

Pratiksha Dhone

Published

2020-07-15

Updated

2020-07-21

CVE-2020-15051

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Artica Proxy versions prior to 4.30.000000

Description An issue exists in the software where stored XSS is possible via several fields, including the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields.

Recommendations For versions prior to 4.30.000000, update to version 4.30.000000 or later to resolve the issue. As a temporary workaround, consider restricting input to the mentioned fields to minimize the risk of exploitation. Avoid using the vulnerable fields in the affected versions until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-15051

Affected Products

Artica Proxy

PT-2020-14146 · Artica · Artica Proxy

CVE-2020-15051

Weakness Enumeration

Related Identifiers

Affected Products

References · 5