CVE-2020-20545 — MEDIUM (5.4)

Vulnerability Description

Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the 'method' parameter to 'seeyon/hrSalary.do'.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Seeyon	G6 Government Collaborative System	6.1

Related Weaknesses (CWE)

CWE-79

References

http://note.youdao.com/noteshare?id=29f908204968a79233c1c0c80a59f8ff&sub=AFA8E81ExploitThird Party Advisory
http://note.youdao.com/noteshare?id=51d8946722c0304b5bfd72da03eaf013&sub=BDBAD6EExploitThird Party Advisory
http://note.youdao.com/noteshare?id=29f908204968a79233c1c0c80a59f8ff&sub=AFA8E81ExploitThird Party Advisory
http://note.youdao.com/noteshare?id=51d8946722c0304b5bfd72da03eaf013&sub=BDBAD6EExploitThird Party Advisory

FAQ

What is CVE-2020-20545?

CVE-2020-20545 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the 'method' parameter to 'seeyon/hrSalary.do'.

How severe is CVE-2020-20545?

CVE-2020-20545 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-20545?

Check the references section above for vendor advisories and patch information. Affected products include: Seeyon G6 Government Collaborative System.