CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-28930

A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.0%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://blog.bssi.fr/multiple-vulnerabilities-within-epson-eps-tse-server-8/#vulnerability-2
https://blog.bssi.fr/multiple-vulnerabilities-within-epson-eps-tse-server-8/#vulnerability-2

Products affected by CVE-2020-28930

Epson » Eps Tse Server 8 » Version: N/A

cpe:2.3:h:epson:eps_tse_server_8:-
Epson » Eps Tse Server 8 Firmware » Version: 21.0.11

cpe:2.3:o:epson:eps_tse_server_8_firmware:21.0.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28930

Products

Pricing

Contact Us