Vulnerability Description
Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Note: It has been argued that this is not reproducible. "The original issue was that the task would be created and an alert would be shown on the screen. Now the task would be created, but the alert won't be executed as those attributes are now stripped.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Niftypm | Nifty | 2020-08-26 |
Related Weaknesses (CWE)
References
- https://medium.com/%40muffydium/a-tale-of-reflected-xss-to-stored-which-ultimate
- https://niftypm.com/securityVendor Advisory
- https://medium.com/%40muffydium/a-tale-of-reflected-xss-to-stored-which-ultimate
- https://niftypm.com/securityVendor Advisory
FAQ
What is CVE-2020-25071?
CVE-2020-25071 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Note: It has been argued that this is not reproducible. "The original issue wa...
How severe is CVE-2020-25071?
CVE-2020-25071 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-25071?
Check the references section above for vendor advisories and patch information. Affected products include: Niftypm Nifty.