CVE-2020-1943

Medium

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.

apache·CWE-79·Published 2020-04-01

CVSS

6.1

EPSS

0.97

KEV

Exploits

cve.orgen

120 chars

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.

NVDen

120 chars

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.

Los datos enviados con contentId hacia /control/stream no son saneados, permitiendo ataques de tipo XSS en Apache OFBiz versiones 16.11.01 hasta 16.11.07.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N