Vulnerability Details CVE-2020-28184
Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2020-28184
-
cpe:2.3:o:terra-master:tos:-
-
cpe:2.3:o:terra-master:tos:4.0.02
-
cpe:2.3:o:terra-master:tos:4.0.09
-
cpe:2.3:o:terra-master:tos:4.0.17
-
cpe:2.3:o:terra-master:tos:4.0.18
-
cpe:2.3:o:terra-master:tos:4.1.18
-
cpe:2.3:o:terra-master:tos:4.1.21
-
cpe:2.3:o:terra-master:tos:4.1.24
-
cpe:2.3:o:terra-master:tos:4.1.27
-
cpe:2.3:o:terra-master:tos:4.1.28
-
cpe:2.3:o:terra-master:tos:4.1.29
-
cpe:2.3:o:terra-master:tos:4.1.30
-
cpe:2.3:o:terra-master:tos:4.1.31
-
cpe:2.3:o:terra-master:tos:4.2.04
-
cpe:2.3:o:terra-master:tos:4.2.05
-
cpe:2.3:o:terra-master:tos:4.2.06