Vulnerability Description
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quixplorer Project | Quixplorer | < 2.4.1 |
Related Weaknesses (CWE)
References
- https://dl.packetstormsecurity.net/1804-exploits/quixplorer241beta-xss.txtExploitThird Party Advisory
- https://dl.packetstormsecurity.net/1804-exploits/quixplorer241beta-xss.txtExploitThird Party Advisory
FAQ
What is CVE-2020-24902?
CVE-2020-24902 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially craf...
How severe is CVE-2020-24902?
CVE-2020-24902 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24902?
Check the references section above for vendor advisories and patch information. Affected products include: Quixplorer Project Quixplorer.