Vulnerability Details CVE-2020-24666
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2020-24666
-
cpe:2.3:a:hitachi:vantara_pentaho:7.0.0
-
cpe:2.3:a:hitachi:vantara_pentaho:7.1.0.25
-
cpe:2.3:a:hitachi:vantara_pentaho:8.0.0
-
cpe:2.3:a:hitachi:vantara_pentaho:8.2.0.6
-
cpe:2.3:a:hitachi:vantara_pentaho:8.3.0.0
-
cpe:2.3:a:hitachi:vantara_pentaho:8.3.0.25
-
cpe:2.3:a:hitachi:vantara_pentaho:8.3.0.9
-
cpe:2.3:a:hitachi:vantara_pentaho:9.0.0
-
cpe:2.3:a:hitachi:vantara_pentaho:9.0.0.1
-
cpe:2.3:a:hitachi:vantara_pentaho:9.1.0.0