In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in the context of an affected site.
References
Link | Resource |
---|---|
https://cxsecurity.com/issue/WLB-2020010032 | Exploit Third Party Advisory |
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5551.php | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-28T14:46:26
Updated: 2021-04-28T14:46:26
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-21993
NVD Information
Status: Analyzed
Published: 2021-04-28T15:15:07.883
Modified: 2021-05-05T20:25:58.980
Link: CVE-2020-21993
Redhat Information
No data.
CWE