OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.
References
| Link | Resource |
|---|---|
| http://openasset.com | Product |
| https://www.themissinglink.com.au/security-advisories-cve-2020-28859 | Third Party Advisory |
| http://openasset.com | Product |
| https://www.themissinglink.com.au/security-advisories-cve-2020-28859 | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:23
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://openasset.com - Product | |
| References | () https://www.themissinglink.com.au/security-advisories-cve-2020-28859 - Third Party Advisory |
Information
Published : 2020-12-14 19:15
Updated : 2024-11-21 05:23
NVD link : CVE-2020-28859
Mitre link : CVE-2020-28859
CVE.ORG link : CVE-2020-28859
JSON object : View
Products Affected
openasset
- digital_asset_management
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')