Vulnerability Description
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of targeted application and perform phishing-related attacks. Vulnerable application used in more than 3000 organizations in different sectors from retail to industries.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Olimpoks | Olimpok | < 3.3.39 |
Related Weaknesses (CWE)
References
- https://bdu.fstec.ru/vul/2020-04623Third Party Advisory
- https://github.com/Security-AVS/CVE-2020-16270Third Party Advisory
- https://olimpoks.ru/oks/forum/olimpoks5.phpProductVendor Advisory
- https://bdu.fstec.ru/vul/2020-04623Third Party Advisory
- https://github.com/Security-AVS/CVE-2020-16270Third Party Advisory
- https://olimpoks.ru/oks/forum/olimpoks5.phpProductVendor Advisory
FAQ
What is CVE-2020-16270?
CVE-2020-16270 is a vulnerability with a CVSS score of 6.1 (MEDIUM). OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applicat...
How severe is CVE-2020-16270?
CVE-2020-16270 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-16270?
Check the references section above for vendor advisories and patch information. Affected products include: Olimpoks Olimpok.