CVE-2020-7011

MEDIUM Year: 2020
CVSS v3 Score
6.1
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-84
View all →

Vulnerability Description

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim�s web browser.

Related Vulnerabilities

CVE-2021-3824

MEDIUM
CVSS:6.1(Medium)

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.

CWE-842021

CVE-2024-45045

MEDIUM
CVSS:6.1(Medium)

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url en...

CWE-842024

CVE-2025-25323

MEDIUM
CVSS:5.5(Medium)

An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25324

MEDIUM
CVSS:5.5(Medium)

An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25325

MEDIUM
CVSS:5.5(Medium)

An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25326

MEDIUM
CVSS:5.5(Medium)

An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025