Cross-Site Scripting Vulnerability in MB connect line mymbCONNECT24 Software
CVE-2020-12530

4.3MEDIUM

Key Information:

Vendor: Mb Connect Line
Status: Mymbconnect24; Mbconnect24
Vendor: CVE Published:; 2 March 2021

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2020-12530?

A Cross-Site Scripting (XSS) vulnerability exists in the MB connect line mymbCONNECT24 and mbCONNECT24 software, allowing attackers to inject malicious code through the 'get' parameter in redirect.php. This issue affects all versions through V2.6.2 and poses a significant risk to user security by potentially allowing unauthorized actions or data exposure.

Affected Version(s)

mbCONNECT24 2.6.2

mymbCONNECT24 2.6.2

References

https://cert.vde.com/de-de/advisories/vde-2021-003

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2021
Vulnerability Reserved
Apr 30, 2020

Credit

OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.