Cross-Site Scripting Vulnerability in Zhiyuan G6 Government Collaboration System
CVE-2020-20545

5.4MEDIUM

Key Information:

Vendor: Seeyon
Status: G6 Government Collaborative System
Vendor: CVE Published:; 30 March 2021

What is CVE-2020-20545?

A Cross-Site Scripting (XSS) vulnerability exists in the Zhiyuan G6 Government Collaboration System V6.1SP1, allowing attackers to inject malicious scripts via the 'method' parameter in the 'seeyon/hrSalary.do' endpoint. This can lead to unauthorized actions being performed on behalf of users, potentially compromising sensitive information and system integrity.

References

http://note.youdao.com/noteshare?id=51d8946722c0304b5bfd7...

x_refsource_MISC

http://note.youdao.com/noteshare?id=29f908204968a79233c1c...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 30, 2021
Vulnerability Reserved
Aug 13, 2020

JSON

Seeyon

What is CVE-2020-20545?

References

CVSS V3.1

Timeline