CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28502

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.174

EPSS Ranking 94.7%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

Products affected by CVE-2020-28502

Xmlhttprequest Project » Xmlhttprequest » Version: 1.0.0

cpe:2.3:a:xmlhttprequest_project:xmlhttprequest:1.0.0
Xmlhttprequest Project » Xmlhttprequest » Version: 1.2.0

cpe:2.3:a:xmlhttprequest_project:xmlhttprequest:1.2.0
Xmlhttprequest Project » Xmlhttprequest » Version: 1.2.1

cpe:2.3:a:xmlhttprequest_project:xmlhttprequest:1.2.1
Xmlhttprequest Project » Xmlhttprequest » Version: 1.2.2

cpe:2.3:a:xmlhttprequest_project:xmlhttprequest:1.2.2
Xmlhttprequest Project » Xmlhttprequest » Version: 1.3.0

cpe:2.3:a:xmlhttprequest_project:xmlhttprequest:1.3.0
Xmlhttprequest Project » Xmlhttprequest » Version: 1.4.0

cpe:2.3:a:xmlhttprequest_project:xmlhttprequest:1.4.0
Xmlhttprequest Project » Xmlhttprequest » Version: 1.4.2

cpe:2.3:a:xmlhttprequest_project:xmlhttprequest:1.4.2
Xmlhttprequest Project » Xmlhttprequest » Version: 1.5.0

cpe:2.3:a:xmlhttprequest_project:xmlhttprequest:1.5.0
Xmlhttprequest Project » Xmlhttprequest » Version: 1.6.0

cpe:2.3:a:xmlhttprequest_project:xmlhttprequest:1.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28502

Products

Pricing

Contact Us