CVE-2020-28470— Cross-site Scripting (XSS)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-28470
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site Scripting (XSS)
Source: NVD (National Vulnerability Database)
Vulnerability Description
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Scullyio Scully 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Scullyio Scully是Scullyio组织的一款基于Typescript用于构建Angular应用的软件。Scully将应用中的每个页面预先渲染为纯HTML和CSS。为此,Scully使用guessjs查找项目中的所有路线。然后Scully访问每条路线,渲染视图并将其保存到HTML文件。 Scullyio Scully before 1.0.9 存在安全漏洞,该漏洞源于传输状态用JSON.stringify()函数序列化,然后写入HTML页面。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | @scullyio/scully | unspecified ~ 1.0.9 | - |
II. Public POCs for CVE-2020-28470
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-28470
请登录查看更多情报信息。
- https://snyk.io/vuln/SNYK-JS-SCULLYIOSCULLY-1055829x_refsource_MISC
- https://github.com/scullyio/scully/pull/1182x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2020-28470
Same Patch Batch · n/a · 2021-01-14 · 10 CVEs total
| CVE-2020-29015 | Fortinet FortiWeb SQL注入漏洞 | |
| CVE-2020-29017 | Fortinet FortiDeceptor 操作系统命令注入漏洞 | |
| CVE-2020-29019 | Fortinet FortiWeb 缓冲区错误漏洞 | |
| CVE-2021-21722 | ZTE ZXV10 B860A 日志信息泄露漏洞 | |
| CVE-2020-27368 | TotoLink A702r 访问控制错误漏洞 | |
| CVE-2020-26733 | Skyworth Gn542vf 跨站脚本漏洞 | |
| CVE-2020-29587 | Simplcommerce 跨站脚本漏洞 | |
| CVE-2021-3138 | Discourse 安全漏洞 | |
| CVE-2020-26732 | Skyworth Gn542vf 安全漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2020-28470
No comments yet