CVE-2020-21987

medium

Description

HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5556.php

https://www.exploit-db.com/exploits/47806

Details

Source: Mitre, NVD

Published: 2021-04-27

Updated: 2021-05-10

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium