CVE-2020-36654

CVSS V2 None CVSS V3 None
Description
A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475.
Overview
  • CVE ID
  • CVE-2020-36654
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-18T08:15:10
  • Last Modified Date
  • 2023-01-25T19:25:21
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:geni:geni-portal:*:*:*:*:*:*:*:* 1 OR 2020-08-27
References
Reference URL Reference Tags
https://github.com/GENI-NSF/geni-portal/commit/39a96fb4b822bd3497442a96135de498d4a81337
https://github.com/GENI-NSF/geni-portal/pull/1824
https://vuldb.com/?ctiid.218475
https://vuldb.com/?id.218475
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2020-36654
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36654
History
Created Old Value New Value Data Type Notes
2023-01-18 09:14:44 Added to TrackCVE
2023-01-18 09:14:44 Weakness Enumeration new
2023-01-18 14:15:43 2023-01-18T13:54:48 CVE Modified Date updated
2023-01-18 14:15:43 Received Awaiting Analysis Vulnerability Status updated
2023-01-18 14:15:47 CVSS V3 information new
2023-01-18 14:15:47 CVSS V2 information new
2023-01-25 13:13:35 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-25 13:13:37 CVSS V3 information new
2023-01-25 13:13:37 CVSS V2 information new
2023-01-25 20:13:46 2023-01-25T19:25:21 CVE Modified Date updated
2023-01-25 20:13:46 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-25 20:13:49 CPE Information updated
2023-01-25 20:13:49 CVSS V3 information new
2023-01-25 20:13:50 CVSS V2 information new