CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11106

An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']["view_type"] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the "view" action and places a payload in the type parameter, and then returns to the dialog.php page. This occurs because ajax_calls.php was also able to set the $_SESSION['RF']["view_type"] variable, but there it wasn't sanitized.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.7%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2020-11106

Tecrail » Responsive Filemanager » Version: N/A

cpe:2.3:a:tecrail:responsive_filemanager:-
Tecrail » Responsive Filemanager » Version: .9.10.1

cpe:2.3:a:tecrail:responsive_filemanager:.9.10.1
Tecrail » Responsive Filemanager » Version: .9.14.0

cpe:2.3:a:tecrail:responsive_filemanager:.9.14.0
Tecrail » Responsive Filemanager » Version: 9.10.0

cpe:2.3:a:tecrail:responsive_filemanager:9.10.0
Tecrail » Responsive Filemanager » Version: 9.10.1

cpe:2.3:a:tecrail:responsive_filemanager:9.10.1
Tecrail » Responsive Filemanager » Version: 9.10.2

cpe:2.3:a:tecrail:responsive_filemanager:9.10.2
Tecrail » Responsive Filemanager » Version: 9.11.0

cpe:2.3:a:tecrail:responsive_filemanager:9.11.0
Tecrail » Responsive Filemanager » Version: 9.11.3

cpe:2.3:a:tecrail:responsive_filemanager:9.11.3
Tecrail » Responsive Filemanager » Version: 9.12.0

cpe:2.3:a:tecrail:responsive_filemanager:9.12.0
Tecrail » Responsive Filemanager » Version: 9.12.1

cpe:2.3:a:tecrail:responsive_filemanager:9.12.1
Tecrail » Responsive Filemanager » Version: 9.12.2

cpe:2.3:a:tecrail:responsive_filemanager:9.12.2
Tecrail » Responsive Filemanager » Version: 9.13.0

cpe:2.3:a:tecrail:responsive_filemanager:9.13.0
Tecrail » Responsive Filemanager » Version: 9.13.1

cpe:2.3:a:tecrail:responsive_filemanager:9.13.1
Tecrail » Responsive Filemanager » Version: 9.13.3

cpe:2.3:a:tecrail:responsive_filemanager:9.13.3
Tecrail » Responsive Filemanager » Version: 9.13.4

cpe:2.3:a:tecrail:responsive_filemanager:9.13.4
Tecrail » Responsive Filemanager » Version: 9.14.0

cpe:2.3:a:tecrail:responsive_filemanager:9.14.0
Tecrail » Responsive Filemanager » Version: 9.6.0

cpe:2.3:a:tecrail:responsive_filemanager:9.6.0
Tecrail » Responsive Filemanager » Version: 9.7.2

cpe:2.3:a:tecrail:responsive_filemanager:9.7.2
Tecrail » Responsive Filemanager » Version: 9.7.3

cpe:2.3:a:tecrail:responsive_filemanager:9.7.3
Tecrail » Responsive Filemanager » Version: 9.8

cpe:2.3:a:tecrail:responsive_filemanager:9.8
Tecrail » Responsive Filemanager » Version: 9.8.1

cpe:2.3:a:tecrail:responsive_filemanager:9.8.1
Tecrail » Responsive Filemanager » Version: 9.9.0

cpe:2.3:a:tecrail:responsive_filemanager:9.9.0
Tecrail » Responsive Filemanager » Version: 9.9.1

cpe:2.3:a:tecrail:responsive_filemanager:9.9.1
Tecrail » Responsive Filemanager » Version: 9.9.2

cpe:2.3:a:tecrail:responsive_filemanager:9.9.2
Tecrail » Responsive Filemanager » Version: 9.9.3

cpe:2.3:a:tecrail:responsive_filemanager:9.9.3
Tecrail » Responsive Filemanager » Version: 9.9.4

cpe:2.3:a:tecrail:responsive_filemanager:9.9.4
Tecrail » Responsive Filemanager » Version: 9.9.5

cpe:2.3:a:tecrail:responsive_filemanager:9.9.5
Tecrail » Responsive Filemanager » Version: 9.9.6

cpe:2.3:a:tecrail:responsive_filemanager:9.9.6
Tecrail » Responsive Filemanager » Version: 9.9.7

cpe:2.3:a:tecrail:responsive_filemanager:9.9.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11106

Products

Pricing

Contact Us