Description
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
Published: 2020-02-17
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2020-29858 Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
History

No history.

Subscriptions

Microchip Syncserver S100 Syncserver S100 Firmware Syncserver S200 Syncserver S200 Firmware Syncserver S250 Syncserver S250 Firmware Syncserver S300 Syncserver S300 Firmware Syncserver S350 Syncserver S350 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T10:19:19.795Z

Reserved: 2020-02-17T00:00:00.000Z

Link: CVE-2020-9028

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-02-17T04:15:11.327

Modified: 2024-11-21T05:39:51.643

Link: CVE-2020-9028

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses