Vulnerability Details CVE-2020-11499
Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongo_task_conversion.py.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.1%
CVSS Severity
CVSS v3 Score 3.3
CVSS v2 Score 4.3
References
Products affected by CVE-2020-11499
-
Firmware Analysis And Comparison Tool Project » Firmware Analysis And Comparison Tool » Version: 3.0cpe:2.3:a:firmware_analysis_and_comparison_tool_project:firmware_analysis_and_comparison_tool:3.0