CVE-2020-5317
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
Dell EMC ECS versiones anteriores a 3.4.0.1, presentan una vulnerabilidad de tipo XSS. Un usuario malicioso autenticado remoto podría explotar esta vulnerabilidad para almacenar código HTML o JavaScript malicioso en un almacén de datos de aplicaciones de confianza. Cuando los usuarios víctimas acceden al almacén de datos por medio de sus navegadores, el código malicioso es ejecutado mediante el navegador en el contexto de la aplicación web vulnerable.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-03 CVE Reserved
- 2020-02-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Emc Elastic Cloud Storage Search vendor "Dell" for product "Emc Elastic Cloud Storage" | < 3.4.0.1 Search vendor "Dell" for product "Emc Elastic Cloud Storage" and version " < 3.4.0.1" | - |
Affected
| ||||||