CVE-2020-16270

Published: 16/10/2020 Updated: 21/10/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. A remote attacker can use the vulnerability to inject a malicious JavaScript payload into the victim's browser in the context of the vulnerable application. The executed code can be used to steal the administrator's cookies, influence the HTML content of the targeted application and perform phishing-related attacks. The vulnerable application is used in more than 3000 organizations in different sectors from retail to industries.

Vulnerable Product

olimpoks olimpok

Github Repositories

CVE-2020-16270 [Suggested description]: OLIMPOKS under 3339 allows Auth/Admin ErrorMessage XSS Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications Executed code can be used to steal administrator’s cookies, influence HTML content of targeted application and perform phi
