Vulnerability Details CVE-2020-36654
A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.8%
CVSS Severity
CVSS v3 Score 3.5
CVSS v2 Score 4.0
References
- https://github.com/GENI-NSF/geni-portal/commit/39a96fb4b822bd3497442a96135de498d4a81337
- https://github.com/GENI-NSF/geni-portal/pull/1824
- https://vuldb.com/?ctiid.218475
- https://vuldb.com/?id.218475
- https://github.com/GENI-NSF/geni-portal/commit/39a96fb4b822bd3497442a96135de498d4a81337
- https://github.com/GENI-NSF/geni-portal/pull/1824
- https://vuldb.com/?ctiid.218475
- https://vuldb.com/?id.218475
Products affected by CVE-2020-36654
-
cpe:2.3:a:geni:geni-portal:-
-
cpe:2.3:a:geni:geni-portal:2020-01-29