CVE-2020-9028
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
Los dispositivos Symmetricom SyncServer S100 versión 2.90.70.3, S200 versión 1.30, S250 versión 1.25, S300 versión 2.65.0 y S350 versión 2.80.1, permiten un ataque de tipo XSS almacenado por medio del parámetro newUserName en la pantalla "User Creation, Deletion and Password Maintenance" (cuando se crea un nuevo usuario).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-02-17 CVE Reserved
- 2020-02-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://sku11army.blogspot.com/2020/01/symmetricom-syncserver_95.html | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microchip Search vendor "Microchip" | Syncserver S100 Firmware Search vendor "Microchip" for product "Syncserver S100 Firmware" | 2.90.70.3 Search vendor "Microchip" for product "Syncserver S100 Firmware" and version "2.90.70.3" | - |
Affected
| in | Microchip Search vendor "Microchip" | Syncserver S100 Search vendor "Microchip" for product "Syncserver S100" | - | - |
Safe
|
| Microchip Search vendor "Microchip" | Syncserver S200 Firmware Search vendor "Microchip" for product "Syncserver S200 Firmware" | 1.30 Search vendor "Microchip" for product "Syncserver S200 Firmware" and version "1.30" | - |
Affected
| in | Microchip Search vendor "Microchip" | Syncserver S200 Search vendor "Microchip" for product "Syncserver S200" | - | - |
Safe
|
| Microchip Search vendor "Microchip" | Syncserver S250 Firmware Search vendor "Microchip" for product "Syncserver S250 Firmware" | 1.25 Search vendor "Microchip" for product "Syncserver S250 Firmware" and version "1.25" | - |
Affected
| in | Microchip Search vendor "Microchip" | Syncserver S250 Search vendor "Microchip" for product "Syncserver S250" | - | - |
Safe
|
| Microchip Search vendor "Microchip" | Syncserver S300 Firmware Search vendor "Microchip" for product "Syncserver S300 Firmware" | 2.65.0 Search vendor "Microchip" for product "Syncserver S300 Firmware" and version "2.65.0" | - |
Affected
| in | Microchip Search vendor "Microchip" | Syncserver S300 Search vendor "Microchip" for product "Syncserver S300" | - | - |
Safe
|
| Microchip Search vendor "Microchip" | Syncserver S350 Firmware Search vendor "Microchip" for product "Syncserver S350 Firmware" | 2.80.1 Search vendor "Microchip" for product "Syncserver S350 Firmware" and version "2.80.1" | - |
Affected
| in | Microchip Search vendor "Microchip" | Syncserver S350 Search vendor "Microchip" for product "Syncserver S350" | - | - |
Safe
|