CVE-2020-24664

EPSS 0.20% · P42 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-24664

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Hitachi Vantara Pentaho 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Hitachi Vantara Pentaho是日本Hitachi公司的一款用于大数据环境中对数据进行存储和管理的服务。 Hitachi Vantara Pentaho 版本7.x 至 8.x 存在跨站脚本漏洞，该漏洞允许经过身份验证的远程用户执行任意JavaScript代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2020-24664

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-24664

请登录查看更多情报信息。

https://support.pentaho.com/hc/en-us/articles/360050965992-hirt-sec-2020-601-Multiple-Vulnerabilities-in-Pentahox_refsource_MISC
https://www.accenture.comx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2020-24664

Same Patch Batch · n/a · 2021-01-29 · 56 CVEs total

CVE-2020-28405	8.8 HIGH	Star Computer Star Practice Management Web 访问控制错误漏洞
CVE-2020-28403	8.0 HIGH	Star Computer Star Practice Management Web 跨站请求伪造漏洞
CVE-2020-28406	6.5 MEDIUM	Star Computer Star Practice Management Web 访问控制错误漏洞
CVE-2020-28401	6.5 MEDIUM	Star Computer Star Practice Management Web 访问控制错误漏洞
CVE-2020-28404	6.5 MEDIUM	Star Computer Star Practice Management Web 访问控制错误漏洞
CVE-2021-23328	5.6 MEDIUM	Prototype Pollution
CVE-2020-28402	5.4 MEDIUM	Star Computer Star Practice Management Web 访问控制错误漏洞
CVE-2020-29535	5.3 MEDIUM	RSA Security Archer 跨站脚本漏洞
CVE-2020-29538	4.9 MEDIUM	Archer 访问控制错误漏洞
CVE-2020-29537	4.6 MEDIUM	RSA Security Archer 输入验证错误漏洞
CVE-2020-29536	4.3 MEDIUM	RSA Security Archer 加密问题漏洞
CVE-2020-29004		MediaWiki 跨站请求伪造漏洞
CVE-2021-26308		Blackbeam Rust-marc 安全漏洞
CVE-2021-26307		Mozilla Rust 安全漏洞
CVE-2021-26303		PHPGurukul Daily Expense Tracker System 跨站脚本漏洞
CVE-2020-29605		MantisBT 安全漏洞
CVE-2020-35547		Mitel Networks MiCollab 授权问题漏洞
CVE-2021-3176		Mitel BusinessCTI Enterprise (MBC-E) Client 输入验证错误漏洞
CVE-2020-29603		MantisBT 访问控制错误漏洞
CVE-2020-35145		Acronis True Image for Windows 代码问题漏洞

Showing top 20 of 56 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2020-24664

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-24664

I. Basic Information for CVE-2020-24664

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-24664

III. Intelligence Information for CVE-2020-24664

Same Patch Batch · n/a · 2021-01-29 · 56 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-24664

Leave a comment