PT-2020-14345 · Nozomi · Nozomi Guardian

Published

2020-06-30

Updated

2020-07-07

CVE-2020-15307

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nozomi Guardian versions prior to 19.0.4

Description The issue allows attackers to achieve stored XSS in the web front end by leveraging the ability to create a custom field with a crafted field name.

Recommendations For versions prior to 19.0.4, update to version 19.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the ability to create custom fields until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-15307

Affected Products

Nozomi Guardian

PT-2020-14345 · Nozomi · Nozomi Guardian

CVE-2020-15307

Weakness Enumeration

Related Identifiers

Affected Products

References · 4