CVE-2020-21993
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.
En WEMS Limited Enterprise Manager versión 2.58, la entrada pasada al parámetro GET "email" no se sanea apropiadamente antes de ser devuelta al usuario. Esto puede ser explotado para ejecutar código HTML arbitrario en la sesión del navegador de un usuario en el contexto de un sitio afectado
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-08-13 CVE Reserved
- 2021-04-28 CVE Published
- 2024-01-12 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cxsecurity.com/issue/WLB-2020010032 | 2024-08-04 | |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5551.php | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wems Search vendor "Wems" | Enterprise Manager Search vendor "Wems" for product "Enterprise Manager" | 2.19.7959 Search vendor "Wems" for product "Enterprise Manager" and version "2.19.7959" | - |
Affected
| ||||||
| Wems Search vendor "Wems" | Enterprise Manager Search vendor "Wems" for product "Enterprise Manager" | 2.55.8782 Search vendor "Wems" for product "Enterprise Manager" and version "2.55.8782" | - |
Affected
| ||||||
| Wems Search vendor "Wems" | Enterprise Manager Search vendor "Wems" for product "Enterprise Manager" | 2.55.8806 Search vendor "Wems" for product "Enterprise Manager" and version "2.55.8806" | - |
Affected
| ||||||
| Wems Search vendor "Wems" | Enterprise Manager Search vendor "Wems" for product "Enterprise Manager" | 2.58.8903 Search vendor "Wems" for product "Enterprise Manager" and version "2.58.8903" | - |
Affected
| ||||||