Security Advisory

CVE-2020-19202

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-06-17 15:22:58

Last updated 2024-08-04 14:08:30

Assigner mitre

State PUBLISHED

Description

An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page.

← Browse all CVEs View on cve.org ↗