Vulnerability Description
A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Geni | Geni-Portal | < 2020-08-27 |
Related Weaknesses (CWE)
References
- https://github.com/GENI-NSF/geni-portal/commit/39a96fb4b822bd3497442a96135de498dPatch
- https://github.com/GENI-NSF/geni-portal/pull/1824Patch
- https://vuldb.com/?ctiid.218475Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.218475Third Party AdvisoryVDB Entry
- https://github.com/GENI-NSF/geni-portal/commit/39a96fb4b822bd3497442a96135de498dPatch
- https://github.com/GENI-NSF/geni-portal/pull/1824Patch
- https://vuldb.com/?ctiid.218475Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.218475Third Party AdvisoryVDB Entry
FAQ
What is CVE-2020-36654?
CVE-2020-36654 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argum...
How severe is CVE-2020-36654?
CVE-2020-36654 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36654?
Check the references section above for vendor advisories and patch information. Affected products include: Geni Geni-Portal.