PT-2020-15472 · Hfish · Hfish
Assassins-White
·
Published
2020-09-30
·
Updated
2020-10-06
·
CVE-2020-22481
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
HFish version 0.5.1
Description
An issue was discovered where inserting a payload in the password entry field triggers XSS code when the administrator views the information.
Recommendations
For HFish version 0.5.1, consider disabling the password entry field or restricting access to it until a fix is available to prevent XSS code triggering.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hfish