CVE-2020-8788 - OpenCVE

Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Synaptivemedical	Clearcanvas

Configuration 1 [-]

cpe:2.3:a:synaptivemedical:clearcanvas:3.0:alpha:*:*:*:*:*:*

References

Link	Resource
https://github.com/ClearCanvas/ClearCanvas/issues/227	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-07T13:07:53

Updated: 2020-02-07T13:07:53

Reserved: 2020-02-07T00:00:00

Link: CVE-2020-8788

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-07T14:15:11.437

Modified: 2020-02-11T19:48:39.207

Link: CVE-2020-8788

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synaptivemedical:clearcanvas:3.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "E65043C8-07DE-49E3-BFB6-E018EA8A4497", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report."}, {"lang": "es", "value": "Synaptive Medical ClearCanvas ImageServer versi\u00f3n 3.0 Alpha, permite un ataque de tipo XSS (e inyecci\u00f3n HTML) por medio del par\u00e1metro UserName del archivo Default.aspx. NOTA: la referencia issues/227 no implica que el producto afectado pueda ser descargado de GitHub. Era simplemente una ubicaci\u00f3n conveniente para un reporte de un bug p\u00fablico."}], "id": "CVE-2020-8788", "lastModified": "2020-02-11T19:48:39.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-07T14:15:11.437", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ClearCanvas/ClearCanvas/issues/227"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}