Vulnerability Details CVE-2020-26885
An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim's browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://burninatorsec.blogspot.com/2021/04/cve-2020-26885-xss-in-2sxc.html?m=1
- https://2SXC.org/en/blog/post/2sxc-security-notification-2021-001
- https://burninatorsec.blogspot.com/2020/10/cve-2020-26885-xss-in-anchor-tags.html
- https://github.com/2sic/2sxc/releases
- http://burninatorsec.blogspot.com/2021/04/cve-2020-26885-xss-in-2sxc.html?m=1
- https://2SXC.org/en/blog/post/2sxc-security-notification-2021-001
- https://burninatorsec.blogspot.com/2020/10/cve-2020-26885-xss-in-anchor-tags.html
- https://github.com/2sic/2sxc/releases
Products affected by CVE-2020-26885
-
cpe:2.3:a:2sic:2sxc:08.00.01
-
cpe:2.3:a:2sic:2sxc:08.00.02
-
cpe:2.3:a:2sic:2sxc:08.00.03
-
cpe:2.3:a:2sic:2sxc:08.00.04
-
cpe:2.3:a:2sic:2sxc:08.00.05
-
cpe:2.3:a:2sic:2sxc:08.00.06
-
cpe:2.3:a:2sic:2sxc:08.00.07
-
cpe:2.3:a:2sic:2sxc:08.00.08
-
cpe:2.3:a:2sic:2sxc:08.00.09
-
cpe:2.3:a:2sic:2sxc:08.00.10
-
cpe:2.3:a:2sic:2sxc:08.00.11
-
cpe:2.3:a:2sic:2sxc:08.00.12
-
cpe:2.3:a:2sic:2sxc:08.01.00
-
cpe:2.3:a:2sic:2sxc:08.01.01
-
cpe:2.3:a:2sic:2sxc:08.01.02
-
cpe:2.3:a:2sic:2sxc:08.01.03
-
cpe:2.3:a:2sic:2sxc:08.02.00
-
cpe:2.3:a:2sic:2sxc:08.02.01
-
cpe:2.3:a:2sic:2sxc:08.02.02
-
cpe:2.3:a:2sic:2sxc:08.02.03
-
cpe:2.3:a:2sic:2sxc:08.03.00
-
cpe:2.3:a:2sic:2sxc:08.03.01
-
cpe:2.3:a:2sic:2sxc:08.03.02
-
cpe:2.3:a:2sic:2sxc:08.03.03
-
cpe:2.3:a:2sic:2sxc:08.03.04
-
cpe:2.3:a:2sic:2sxc:08.03.05
-
cpe:2.3:a:2sic:2sxc:08.03.06
-
cpe:2.3:a:2sic:2sxc:08.03.07
-
cpe:2.3:a:2sic:2sxc:08.04.00
-
cpe:2.3:a:2sic:2sxc:08.04.00-fin
-
cpe:2.3:a:2sic:2sxc:08.04.00c
-
cpe:2.3:a:2sic:2sxc:08.04.00d
-
cpe:2.3:a:2sic:2sxc:08.04.00e
-
cpe:2.3:a:2sic:2sxc:08.04.00f
-
cpe:2.3:a:2sic:2sxc:08.04.00g
-
cpe:2.3:a:2sic:2sxc:08.04.00h
-
cpe:2.3:a:2sic:2sxc:08.04.00i
-
cpe:2.3:a:2sic:2sxc:08.04.00j
-
cpe:2.3:a:2sic:2sxc:08.04.01
-
cpe:2.3:a:2sic:2sxc:08.04.02
-
cpe:2.3:a:2sic:2sxc:08.04.03
-
cpe:2.3:a:2sic:2sxc:08.04.03-nl
-
cpe:2.3:a:2sic:2sxc:08.04.04
-
cpe:2.3:a:2sic:2sxc:08.04.05
-
cpe:2.3:a:2sic:2sxc:08.04.05-01
-
cpe:2.3:a:2sic:2sxc:08.04.05-02
-
cpe:2.3:a:2sic:2sxc:08.04.06
-
cpe:2.3:a:2sic:2sxc:08.04.07
-
cpe:2.3:a:2sic:2sxc:08.04.08
-
cpe:2.3:a:2sic:2sxc:08.05.00
-
cpe:2.3:a:2sic:2sxc:08.05.01
-
cpe:2.3:a:2sic:2sxc:08.05.02
-
cpe:2.3:a:2sic:2sxc:08.05.03
-
cpe:2.3:a:2sic:2sxc:08.05.04
-
cpe:2.3:a:2sic:2sxc:08.05.05
-
cpe:2.3:a:2sic:2sxc:08.05.06
-
cpe:2.3:a:2sic:2sxc:08.05.06.10
-
cpe:2.3:a:2sic:2sxc:08.05.06.11
-
cpe:2.3:a:2sic:2sxc:08.06.00
-
cpe:2.3:a:2sic:2sxc:08.07.00
-
cpe:2.3:a:2sic:2sxc:08.08.00
-
cpe:2.3:a:2sic:2sxc:08.08.01
-
cpe:2.3:a:2sic:2sxc:08.08.02
-
cpe:2.3:a:2sic:2sxc:08.09.00
-
cpe:2.3:a:2sic:2sxc:08.09.01
-
cpe:2.3:a:2sic:2sxc:08.10.00
-
cpe:2.3:a:2sic:2sxc:08.10.01
-
cpe:2.3:a:2sic:2sxc:08.11.00
-
cpe:2.3:a:2sic:2sxc:08.12.00
-
cpe:2.3:a:2sic:2sxc:09.00.00
-
cpe:2.3:a:2sic:2sxc:09.00.01
-
cpe:2.3:a:2sic:2sxc:09.00.02
-
cpe:2.3:a:2sic:2sxc:09.01.00
-
cpe:2.3:a:2sic:2sxc:09.01.01
-
cpe:2.3:a:2sic:2sxc:09.01.02
-
cpe:2.3:a:2sic:2sxc:09.01.03
-
cpe:2.3:a:2sic:2sxc:09.02.00
-
cpe:2.3:a:2sic:2sxc:09.03.00
-
cpe:2.3:a:2sic:2sxc:09.03.01
-
cpe:2.3:a:2sic:2sxc:09.03.02
-
cpe:2.3:a:2sic:2sxc:09.03.03
-
cpe:2.3:a:2sic:2sxc:09.04.00
-
cpe:2.3:a:2sic:2sxc:09.04.01
-
cpe:2.3:a:2sic:2sxc:09.04.02
-
cpe:2.3:a:2sic:2sxc:09.04.03
-
cpe:2.3:a:2sic:2sxc:09.05.00
-
cpe:2.3:a:2sic:2sxc:09.05.01
-
cpe:2.3:a:2sic:2sxc:09.05.02
-
cpe:2.3:a:2sic:2sxc:09.06.00
-
cpe:2.3:a:2sic:2sxc:09.06.01
-
cpe:2.3:a:2sic:2sxc:09.07.00
-
cpe:2.3:a:2sic:2sxc:09.08.00
-
cpe:2.3:a:2sic:2sxc:09.09.00
-
cpe:2.3:a:2sic:2sxc:09.10.00
-
cpe:2.3:a:2sic:2sxc:09.11.00
-
cpe:2.3:a:2sic:2sxc:09.11.01
-
cpe:2.3:a:2sic:2sxc:09.12.00
-
cpe:2.3:a:2sic:2sxc:09.13.00
-
cpe:2.3:a:2sic:2sxc:09.14.00
-
cpe:2.3:a:2sic:2sxc:09.20.00
-
cpe:2.3:a:2sic:2sxc:09.21.00
-
cpe:2.3:a:2sic:2sxc:09.22.00
-
cpe:2.3:a:2sic:2sxc:09.23.00
-
cpe:2.3:a:2sic:2sxc:09.30.00
-
cpe:2.3:a:2sic:2sxc:09.31.00
-
cpe:2.3:a:2sic:2sxc:09.32.00
-
cpe:2.3:a:2sic:2sxc:09.32.01
-
cpe:2.3:a:2sic:2sxc:09.33.00
-
cpe:2.3:a:2sic:2sxc:09.35.00
-
cpe:2.3:a:2sic:2sxc:09.40.00
-
cpe:2.3:a:2sic:2sxc:09.40.01
-
cpe:2.3:a:2sic:2sxc:09.41.00
-
cpe:2.3:a:2sic:2sxc:09.43.00
-
cpe:2.3:a:2sic:2sxc:09.43.01
-
cpe:2.3:a:2sic:2sxc:09.43.02
-
cpe:2.3:a:2sic:2sxc:10.00.00
-
cpe:2.3:a:2sic:2sxc:10.01.00
-
cpe:2.3:a:2sic:2sxc:10.02.00
-
cpe:2.3:a:2sic:2sxc:10.03.00
-
cpe:2.3:a:2sic:2sxc:10.04.00
-
cpe:2.3:a:2sic:2sxc:10.05.00
-
cpe:2.3:a:2sic:2sxc:10.06
-
cpe:2.3:a:2sic:2sxc:10.07.00
-
cpe:2.3:a:2sic:2sxc:10.08.00
-
cpe:2.3:a:2sic:2sxc:10.09.00
-
cpe:2.3:a:2sic:2sxc:10.09.01
-
cpe:2.3:a:2sic:2sxc:10.20.00
-
cpe:2.3:a:2sic:2sxc:10.20.01
-
cpe:2.3:a:2sic:2sxc:10.20.02
-
cpe:2.3:a:2sic:2sxc:10.20.03
-
cpe:2.3:a:2sic:2sxc:10.20.04
-
cpe:2.3:a:2sic:2sxc:10.20.05
-
cpe:2.3:a:2sic:2sxc:10.21.00
-
cpe:2.3:a:2sic:2sxc:10.22.00
-
cpe:2.3:a:2sic:2sxc:10.23.00
-
cpe:2.3:a:2sic:2sxc:10.24.00
-
cpe:2.3:a:2sic:2sxc:10.24.01
-
cpe:2.3:a:2sic:2sxc:10.25.00
-
cpe:2.3:a:2sic:2sxc:10.25.01
-
cpe:2.3:a:2sic:2sxc:10.25.02
-
cpe:2.3:a:2sic:2sxc:10.25.03
-
cpe:2.3:a:2sic:2sxc:10.25.04
-
cpe:2.3:a:2sic:2sxc:10.26.00
-
cpe:2.3:a:2sic:2sxc:10.27.00
-
cpe:2.3:a:2sic:2sxc:10.27.01
-
cpe:2.3:a:2sic:2sxc:10.28.00
-
cpe:2.3:a:2sic:2sxc:10.29.00
-
cpe:2.3:a:2sic:2sxc:10.30.00
-
cpe:2.3:a:2sic:2sxc:11.00.00
-
cpe:2.3:a:2sic:2sxc:11.01.00
-
cpe:2.3:a:2sic:2sxc:11.02.00
-
cpe:2.3:a:2sic:2sxc:11.03.00
-
cpe:2.3:a:2sic:2sxc:11.04.00
-
cpe:2.3:a:2sic:2sxc:11.05.00
-
cpe:2.3:a:2sic:2sxc:11.06.00
-
cpe:2.3:a:2sic:2sxc:11.06.01
-
cpe:2.3:a:2sic:2sxc:11.07.00
-
cpe:2.3:a:2sic:2sxc:11.07.01
-
cpe:2.3:a:2sic:2sxc:11.07.02
-
cpe:2.3:a:2sic:2sxc:11.07.03
-
cpe:2.3:a:2sic:2sxc:11.10.00
-
cpe:2.3:a:2sic:2sxc:11.10.01
-
cpe:2.3:a:2sic:2sxc:11.11.00
-
cpe:2.3:a:2sic:2sxc:11.11.01
-
cpe:2.3:a:2sic:2sxc:11.11.02
-
cpe:2.3:a:2sic:2sxc:11.11.03
-
cpe:2.3:a:2sic:2sxc:11.11.03-quick1
-
cpe:2.3:a:2sic:2sxc:11.11.03-quick2
-
cpe:2.3:a:2sic:2sxc:11.11.03-quick3
-
cpe:2.3:a:2sic:2sxc:11.11.03-quick4
-
cpe:2.3:a:2sic:2sxc:11.11.03-quick5
-
cpe:2.3:a:2sic:2sxc:11.11.04
-
cpe:2.3:a:2sic:2sxc:11.12.00
-
cpe:2.3:a:2sic:2sxc:11.12.01
-
cpe:2.3:a:2sic:2sxc:11.20.00
-
cpe:2.3:a:2sic:2sxc:11.21.00
-
cpe:2.3:a:2sic:2sxc:11.21.01
-
cpe:2.3:a:2sic:2sxc:11.21.02
-
cpe:2.3:a:2sic:2sxc:8.00.00
-
cpe:2.3:a:2sic:2sxc:9.42.00