Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Link | Resource |
---|---|
https://github.com/sapplica/sentrifugo/commits/master | Patch Third Party Advisory |
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-055 | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:21
Type | Values Removed | Values Added |
---|---|---|
Summary | Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
Information
Published : 2020-12-30 19:15
Updated : 2024-08-04 17:15
NVD link : CVE-2020-28365
Mitre link : CVE-2020-28365
CVE.ORG link : CVE-2020-28365
JSON object : View
Products Affected
sapplica
- sentrifugo
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')