Description

HESK before 3.1.10 allows reflected XSS.

Remediation

References

CVE-2020-13897

Related Vulnerabilities

MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2005-0004)

WordPress Plugin Clever Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (2.0.15)

Plone CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7293)

WordPress Plugin WP Symposium Arbitrary File Upload Vulnerabilities (11.11.26)

WordPress Plugin Add Social Share Messenger Buttons Whatsapp and Viber Cross-Site Request Forgery (1.0.8)

Severity

Medium

Classification

CVE-2020-13897 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities