CVE-2019-20798

HIGH Year: 2019
CVSS v3 Score
8.4
High
CVSS v2 Score
6.0
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.

Related Vulnerabilities

CVE-2019-11132

HIGH
CVSS:8.4(High)

Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.

CWE-792019

CVE-2019-3747

HIGH
CVSS:8.4(High)

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to...

CWE-792019

CVE-2019-6636

HIGH
CVSS:8.4(High)

On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4, a stored cross-site scripting vulnerability in AFM feed list. In the worst case, an attacker c...

CWE-792019

CVE-2020-5945

HIGH
CVSS:8.4(High)

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalatio...

CWE-792020

CVE-2020-7006

HIGH
CVSS:8.4(High)

Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Successful exploitation of this vulnerability could allow information disclosure, limit system availabil...

CWE-792020

CVE-2021-25267

HIGH
CVSS:8.4(High)

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.

CWE-792021