Vulnerability Description
The htmlfile transport (lib/transport/htmlfile.js) in SockJS before 0.3.0 is vulnerable to reflected XSS via the c (aka callback) query parameter of the /htmlfile endpoint.
CVSS Score
6.1 (MEDIUM)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sockjs Project | Sockjs | < 0.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/theyiyibest/Reflected-XSS-on-SockJS (Exploit, Patch, Third Party Advisory)
- https://github.com/theyiyibest/Reflected-XSS-on-SockJS/issues/1 (Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-SOCKJS-548397 (Third Party Advisory)
- https://www.sockjs.org (Vendor Advisory)
FAQ
What is CVE-2020-8823?
CVE-2020-8823 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The htmlfile transport (lib/transport/htmlfile.js) in SockJS before 0.3.0 is vulnerable to reflected XSS via the c (aka callback) query parameter of the /htmlfile endpoint.
How severe is CVE-2020-8823?
CVE-2020-8823 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS vector above for the detailed severity breakdown.
Is there a patch for CVE-2020-8823?
Check the References section above for vendor advisories and patch information. Affected products include: Sockjs Project Sockjs (versions before 0.3.0).