CVE-2020-24390 - Vulnerability Details - OpenCVE

eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00391.

Key SSVC decision points have not yet been added.

Vendors	Products
Eyesofnetwork	Eyesofnetwork

Configuration 1 [-]

cpe:2.3:a:eyesofnetwork:eyesofnetwork:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-17122	eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b
https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7
https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-27T15:24:25

Updated: 2024-08-04T15:12:08.645Z

Reserved: 2020-08-19T00:00:00

Link: CVE-2020-24390

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-08-27T16:15:11.503

Modified: 2024-11-21T05:14:43.613

Link: CVE-2020-24390

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-08-17T00:00:00", "descriptions": [{"lang": "en", "value": "eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-27T15:24:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24390", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390", "refsource": "MISC", "url": "https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390"}, {"name": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7", "refsource": "CONFIRM", "url": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7"}, {"name": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b", "refsource": "CONFIRM", "url": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:12:08.645Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24390", "datePublished": "2020-08-27T15:24:25", "dateReserved": "2020-08-19T00:00:00", "dateUpdated": "2024-08-04T15:12:08.645Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eyesofnetwork:eyesofnetwork:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B3F1A66-3431-4156-ADB3-A72EAD9658F6", "versionEndExcluding": "5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording."}, {"lang": "es", "value": "eonweb en EyesOfNetwork versiones anteriores a 5.3-7, no escapa apropiadamente el nombre de usuario en la p\u00e1gina /module/admin_logs, lo que podr\u00eda permitir una autenticaci\u00f3n previa de tipo XSS almacenado durante la grabaci\u00f3n de registros de inicio y cierre de sesi\u00f3n"}], "id": "CVE-2020-24390", "lastModified": "2024-11-21T05:14:43.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-27T16:15:11.503", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}