Sunnet eHRD - Cross-Site Scripting
CVE-2020-10509

6.1MEDIUM

Key Information:

Vendor

Sunnet

Status
Ehrd
Vendor
CVE Published:
27 March 2020

What is CVE-2020-10509?

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.

Affected Version(s)

eHRD 8

eHRD 9

References

https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-...
x_refsource_CONFIRM
https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.