PT-2020-15946 · Eramba · Eramba

Joern Schneeweisz

Published

2020-09-03

Updated

2020-09-10

CVE-2020-25104

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions eramba versions c2.8.1 through e2.19.2 eramba Enterprise versions prior to e2.19.3

Description The issue allows for cross-site scripting (XSS) attacks via a crafted filename for a file attached to an object. This can be achieved by including a complete XSS payload followed by a file extension, such as .png, in the filename.

Recommendations For eramba versions c2.8.1 through e2.19.2, update to version e2.19.3 or later. For eramba Enterprise versions prior to e2.19.3, update to version e2.19.3 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-25104

Affected Products

Eramba

PT-2020-15946 · Eramba · Eramba

CVE-2020-25104

Weakness Enumeration

Related Identifiers

Affected Products

References · 4