CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-13893

Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.5%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://gist.github.com/picar0jsu/4532a6d15e8f8d7597b7dca5136ad655
https://www.sage.com/en-sg/products/sage-easypay/
https://gist.github.com/picar0jsu/4532a6d15e8f8d7597b7dca5136ad655
https://www.sage.com/en-sg/products/sage-easypay/

Products affected by CVE-2020-13893

Sage » Easypay » Version: 10.7.5.10

cpe:2.3:a:sage:easypay:10.7.5.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-13893

Products

Pricing

Contact Us