PT-2021-10826 · Unknown · Tao Open Source Assessment Platform
Published: 2021-10-22 · Updated: 2022-11-05 · CVE-2020-23050
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TAO Open Source Assessment Platform version 3.3.0 RC02
Description
The issue allows attackers to execute phishing attacks, external redirects, and arbitrary code due to an HTML injection vulnerability in the userFirstName parameter of the user account input field.
Recommendations
For TAO Open Source Assessment Platform version 3.3.0 RC02, avoid using the userFirstName parameter in the user account input field until the issue is resolved. As a temporary workaround, consider restricting access to the user account input field to minimize the risk of exploitation.
Exploit
Fix
Special Elements Injection
Weakness Enumeration
Related Identifiers
Affected Products
Tao Open Source Assessment Platform