CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25102

silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. The affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.2%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2020-25102

Advanced Reports Project » Advanced Reports » Version: 1.0

cpe:2.3:a:advanced_reports_project:advanced_reports:1.0
Advanced Reports Project » Advanced Reports » Version: 1.1.0

cpe:2.3:a:advanced_reports_project:advanced_reports:1.1.0
Advanced Reports Project » Advanced Reports » Version: 1.1.1

cpe:2.3:a:advanced_reports_project:advanced_reports:1.1.1
Advanced Reports Project » Advanced Reports » Version: 1.1.2

cpe:2.3:a:advanced_reports_project:advanced_reports:1.1.2
Advanced Reports Project » Advanced Reports » Version: 1.1.3

cpe:2.3:a:advanced_reports_project:advanced_reports:1.1.3
Advanced Reports Project » Advanced Reports » Version: 2.0

cpe:2.3:a:advanced_reports_project:advanced_reports:2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25102

Products

Pricing

Contact Us