MEDIUM · 6.1

CVE-2020-9028


Vulnerability Description

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).

CVSS Score

6.1 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE

Affected Products

Vendor | Product | Versions
Microchip | Syncserver S100 Firmware | 2.90.70.3
Microchip | Syncserver S100 | -
Microchip | Syncserver S200 Firmware | 1.30
Microchip | Syncserver S200 | -
Microchip | Syncserver S250 Firmware | 1.25
Microchip | Syncserver S250 | -
Microchip | Syncserver S300 Firmware | 2.65.0
Microchip | Syncserver S300 | -
Microchip | Syncserver S350 Firmware | 2.80.1
Microchip | Syncserver S350 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-9028?

CVE-2020-9028 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).

How severe is CVE-2020-9028?

CVE-2020-9028 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-9028?

Check the references section above for vendor advisories and patch information. Affected products include: Microchip Syncserver S100 Firmware, Microchip Syncserver S100, Microchip Syncserver S200 Firmware, Microchip Syncserver S200, Microchip Syncserver S250 Firmware.