ByteOS Network

NVD Vulnerability Details :

CVE-2020-21993

Analyzed

Source-cve@mitre.org

Published At-28 Apr, 2021 | 15:15

Updated At-05 May, 2021 | 20:25

In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

wems>>enterprise_manager>>2.19.7959

cpe:2.3:a:wems:enterprise_manager:2.19.7959:*:*:*:*:*:*:*

wems>>enterprise_manager>>2.55.8782

cpe:2.3:a:wems:enterprise_manager:2.55.8782:*:*:*:*:*:*:*

wems>>enterprise_manager>>2.55.8806

cpe:2.3:a:wems:enterprise_manager:2.55.8806:*:*:*:*:*:*:*

wems>>enterprise_manager>>2.58.8903

cpe:2.3:a:wems:enterprise_manager:2.58.8903:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://cxsecurity.com/issue/WLB-2020010032	cve@mitre.org	Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5551.php	cve@mitre.org	Exploit Third Party Advisory

Hyperlink: https://cxsecurity.com/issue/WLB-2020010032

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5551.php

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History