// For flags

CVE-2020-11106

 

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']["view_type"] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the "view" action and places a payload in the type parameter, and then returns to the dialog.php page. This occurs because ajax_calls.php was also able to set the $_SESSION['RF']["view_type"] variable, but there it wasn't sanitized.

Se detectó un problema en Responsive Filemanager versiones hasta 9.14.0. En la página dialog.php, la variable de sesión $_SESSION['RF']["view_type"] no era saneada si ya estaba configurada. Esto hizo posible un ataque de tipo XSS almacenado si uno abre el archivo ajax_calls.php y usa la acción "view" y coloca una carga útil en el parámetro type, y luego regresa a la página dialog.php. Esto ocurre porque el archivo ajax_calls.php también fue capaz de establecer la variable $_SESSION['RF']["view_type"], pero no fue saneada.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-03-30 CVE Reserved
  • 2020-03-30 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL Tag Source
URL Date SRC
https://github.com/trippo/ResponsiveFilemanager/issues/603 2024-08-04
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Tecrail
Search vendor "Tecrail"
 Responsive Filemanager
Search vendor "Tecrail" for product "Responsive Filemanager"
 <= 9.14.0
Search vendor "Tecrail" for product "Responsive Filemanager" and version " <= 9.14.0"
-
Affected