Description
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user-supplied input.
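The condition described above can also be neutralised in application code, independent of the framework version, by normalising the name before it reaches the header. The following is an added example, not code from Spring or from this advisory; the class name, method names and extension allowlist are assumptions, and the sample inputs are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

public class SafeContentDisposition {
    // Assumption: the application only ever serves these download types.
    private static final Set<String> ALLOWED_EXT = Set.of("pdf", "csv", "txt", "png");

    /** Builds an attachment Content-Disposition value from an untrusted file name. */
    static String attachment(String untrusted) {
        String raw = untrusted == null ? "" : untrusted;
        // Drop any path component, then control characters and header metacharacters
        // (quote, backslash, semicolon, percent) that could end or extend the parameter.
        String name = raw.replaceAll("^.*[/\\\\]", "")
                         .replaceAll("[\\p{Cntrl}\"\\\\;%]", "_")
                         .trim();
        int dot = name.lastIndexOf('.');
        String ext = dot >= 0 ? name.substring(dot + 1).toLowerCase(Locale.ROOT) : "";
        if (dot <= 0 || !ALLOWED_EXT.contains(ext)) {
            name = "download.txt"; // the requester never chooses the file type
        }
        // ASCII fallback for filename=, RFC 5987 percent-encoding for filename*=
        String ascii = name.replaceAll("[^\\x20-\\x7E]", "_");
        return "attachment; filename=\"" + ascii + "\"; filename*=UTF-8''" + rfc5987(name);
    }

    /** Percent-encodes every UTF-8 byte that is not an RFC 5987 attr-char. */
    static String rfc5987(String s) {
        StringBuilder out = new StringBuilder();
        for (byte b : s.getBytes(StandardCharsets.UTF_8)) {
            char c = (char) (b & 0xFF);
            boolean attrChar = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || "!#$&+-.^_`|~".indexOf(c) >= 0;
            if (attrChar) out.append(c);
            else out.append(String.format("%%%02X", b & 0xFF));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: benign, quote-breaking, path-bearing, disallowed type.
        String[] samples = { "report.pdf", "setup.bat\";x=\".pdf", "../../résumé.pdf", "invoice.cmd" };
        for (String s : samples) {
            System.out.println(s + " -> " + attachment(s));
        }
    }
}
```

The allowlist should match the content types the endpoint actually returns, so the saved file's extension always agrees with the response body.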
Remediation
References