Vulnerability Details CVE-2020-24902
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 4.3
References
Products affected by CVE-2020-24902
-
cpe:2.3:a:quixplorer_project:quixplorer:-
-
cpe:2.3:a:quixplorer_project:quixplorer:1.0
-
cpe:2.3:a:quixplorer_project:quixplorer:1.1
-
cpe:2.3:a:quixplorer_project:quixplorer:1.2
-
cpe:2.3:a:quixplorer_project:quixplorer:1.4
-
cpe:2.3:a:quixplorer_project:quixplorer:1.5
-
cpe:2.3:a:quixplorer_project:quixplorer:1.6
-
cpe:2.3:a:quixplorer_project:quixplorer:2.0
-
cpe:2.3:a:quixplorer_project:quixplorer:2.1.1
-
cpe:2.3:a:quixplorer_project:quixplorer:2.2
-
cpe:2.3:a:quixplorer_project:quixplorer:2.3
-
cpe:2.3:a:quixplorer_project:quixplorer:2.3.1
-
cpe:2.3:a:quixplorer_project:quixplorer:2.3.2
-
cpe:2.3:a:quixplorer_project:quixplorer:2.4.1