CVE-2020-24390 - OpenCVE

eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eyesofnetwork	Eyesofnetwork

Configuration 1 [-]

cpe:2.3:a:eyesofnetwork:eyesofnetwork:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b
https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7
https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-27T15:24:25

Updated: 2024-08-04T15:12:08.645Z

Reserved: 2020-08-19T00:00:00

Link: CVE-2020-24390

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-27T16:15:11.503

Modified: 2020-09-02T16:57:00.263

Link: CVE-2020-24390

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-08-17T00:00:00", "descriptions": [{"lang": "en", "value": "eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-27T15:24:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24390", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390", "refsource": "MISC", "url": "https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390"}, {"name": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7", "refsource": "CONFIRM", "url": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7"}, {"name": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b", "refsource": "CONFIRM", "url": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:12:08.645Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24390", "datePublished": "2020-08-27T15:24:25", "dateReserved": "2020-08-19T00:00:00", "dateUpdated": "2024-08-04T15:12:08.645Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eyesofnetwork:eyesofnetwork:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B3F1A66-3431-4156-ADB3-A72EAD9658F6", "versionEndExcluding": "5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording."}, {"lang": "es", "value": "eonweb en EyesOfNetwork versiones anteriores a 5.3-7, no escapa apropiadamente el nombre de usuario en la p\u00e1gina /module/admin_logs, lo que podr\u00eda permitir una autenticaci\u00f3n previa de tipo XSS almacenado durante la grabaci\u00f3n de registros de inicio y cierre de sesi\u00f3n"}], "id": "CVE-2020-24390", "lastModified": "2020-09-02T16:57:00.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-27T16:15:11.503", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/commit/c416b52d3b500d96ab40875f95b7c7939628854b"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/EyesOfNetworkCommunity/eonweb/releases/tag/5.3-7"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.eyesofnetwork.com/fr/news/fr-CVE-2020-24390"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}