Vulnerability Details CVE-2020-5901
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.4%
CVSS Severity
CVSS v3 Score 9.6
CVSS v2 Score 9.3
References
Products affected by CVE-2020-5901
-
cpe:2.3:a:f5:nginx_controller:3.3.0
-
cpe:2.3:a:f5:nginx_controller:3.4.0