Cross-Site Scripting Vulnerability in Bitcoin-Abe from Bitcoin-Abe, Inc.
CVE-2020-11944

6.1MEDIUM

Key Information:

Vendor

Bitcoin-abe Project

Status
Bitcoin-abe
Vendor
CVE Published:
20 April 2020

What is CVE-2020-11944?

A cross-site scripting vulnerability exists in Bitcoin-Abe versions 0.7.2 and 0.8pre due to improper handling of the PATH_INFO environment variable during a PageNotFound exception in the abe.py file. This flaw can potentially allow an attacker to inject malicious scripts into web pages viewed by other users, undermining the security of the web application and harming its audience.

References

https://github.com/bitcoin-abe/bitcoin-abe/blob/d33f6e85d...
x_refsource_MISC
https://geeknik-labs.com
x_refsource_MISC
https://github.com/bitcoin-abe/bitcoin-abe/issues/292
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.