Cross-site scripting in neon - CVE-2020-23576

 


Published: August 27, 2020 / Updated: September 3, 2020


Vulnerability identifier: #VU46236
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-23576
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: neon
Software vendor: webdav.org

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

Laborator Neon dashboard v3 is affected by stored cross-site scripting (XSS) via the chat tab.


Remediation

Install the update from the vendor's website.
