Vulnerability Description
APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apfell Project | Apfell | <= 1.4 |
Related Weaknesses (CWE)
References
- https://github.com/its-a-feature/Apfell/commit/5fc64502bc008388514f2b5d1160b677ePatchThird Party Advisory
- https://seekurity.com/blog/2020/04/19/admin/advisories/apfell-post-exploitation-ExploitThird Party Advisory
- https://github.com/its-a-feature/Apfell/commit/5fc64502bc008388514f2b5d1160b677ePatchThird Party Advisory
- https://seekurity.com/blog/2020/04/19/admin/advisories/apfell-post-exploitation-ExploitThird Party Advisory
FAQ
What is CVE-2020-23014?
CVE-2020-23014 is a vulnerability with a CVSS score of 5.4 (MEDIUM). APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user sessio...
How severe is CVE-2020-23014?
CVE-2020-23014 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-23014?
Check the references section above for vendor advisories and patch information. Affected products include: Apfell Project Apfell.