PT-2020-15239 · Flexmonster · Flexmonster Pivot Table & Charts
Published: 2020-12-17 · Updated: 2020-12-18
CVE-2020-20141
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Flexmonster Pivot Table & Charts version 2.7.17
Description
A cross-site scripting (XSS) issue exists in the To OLAP (XMLA) component under the Connect menu, which can allow malicious script execution. No information is provided about the estimated number of affected devices or real-world incidents.
Recommendations
For Flexmonster Pivot Table & Charts version 2.7.17, update to a version that fixes the cross-site scripting (XSS) vulnerability in the To OLAP (XMLA) component. As a temporary workaround, consider restricting access to the Connect menu or disabling the To OLAP (XMLA) component until a patch is available.
Affected Products
Flexmonster Pivot Table & Charts