PT-2020-15930 · Nifty · Nifty Project Management Web Application
Published: 2020-09-15 · Updated: 2024-08-04 · CVE-2020-25071
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Nifty Project Management Web Application (affected versions not specified)
Description
The issue allows XSS via the Add Task feature; the injected content is rendered when visiting the Project Home. The original report involved creating a task and displaying an alert on the screen. However, it has been argued that this issue is not reproducible: the task can still be created, but the alert is not executed because the attributes are stripped.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Affected Products
Nifty Project Management Web Application