Cross Site Scripting Vulnerability in Codiad by Codiad
CVE-2020-14042

6.1MEDIUM

Key Information:

Vendor

Codiad

Status
Codiad
Vendor
CVE Published:
25 August 2020

What is CVE-2020-14042?

A Cross Site Scripting (XSS) vulnerability exists in Codiad due to insufficient sanitization of the folder name variable in the file management component. This can allow an attacker to inject malicious scripts that could be executed in the context of a user's browser. It is important to note that Codiad is no longer actively maintained, which may leave users vulnerable to this and other unaddressed security issues.

References

https://github.com/Codiad/Codiad/blob/master/README.md
x_refsource_MISC
https://github.com/Codiad/Codiad/issues/1122
x_refsource_MISC
https://advisory.checkmarx.net/advisory/CX-2020-4278
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.