CVE-2020-28365

Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Configurations

Configuration 1 (hide)

cpe:2.3:a:sapplica:sentrifugo:3.2:*:*:*:*:*:*:*

History

07 Nov 2023, 03:21

Type Values Removed Values Added
Summary ** UNSUPPORTED WHEN ASSIGNED ** Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Information

Published : 2020-12-30 19:15

Updated : 2024-08-04 17:15


NVD link : CVE-2020-28365

Mitre link : CVE-2020-28365

CVE.ORG link : CVE-2020-28365


JSON object : View

Products Affected

sapplica

  • sentrifugo
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')