CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-26574

Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Exploit prediction scoring system (EPSS) score

EPSS Score 0.031

EPSS Ranking 86.2%

CVSS Severity

CVSS v3 Score 9.6

CVSS v2 Score 9.3

References

Products affected by CVE-2020-26574

Leostream » Connection Broker » Version: 8.2.15

cpe:2.3:a:leostream:connection_broker:8.2.15
Leostream » Connection Broker » Version: 8.2.17

cpe:2.3:a:leostream:connection_broker:8.2.17
Leostream » Connection Broker » Version: 8.2.27

cpe:2.3:a:leostream:connection_broker:8.2.27
Leostream » Connection Broker » Version: 8.2.33

cpe:2.3:a:leostream:connection_broker:8.2.33
Leostream » Connection Broker » Version: 8.2.37

cpe:2.3:a:leostream:connection_broker:8.2.37
Leostream » Connection Broker » Version: 8.2.52

cpe:2.3:a:leostream:connection_broker:8.2.52
Leostream » Connection Broker » Version: 8.2.63

cpe:2.3:a:leostream:connection_broker:8.2.63
Leostream » Connection Broker » Version: 8.2.67

cpe:2.3:a:leostream:connection_broker:8.2.67
Leostream » Connection Broker » Version: 8.2.71

cpe:2.3:a:leostream:connection_broker:8.2.71
Leostream » Connection Broker » Version: 8.2.72

cpe:2.3:a:leostream:connection_broker:8.2.72
Leostream » Connection Broker » Version: 8.2.73

cpe:2.3:a:leostream:connection_broker:8.2.73

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-26574

Products

Pricing

Contact Us