Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-29535

CVSS 5.3 · Medium EPSS 0.22% · P44
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-29535

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
RSA Security Archer 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
RSA Security Archer是英国RSA Security公司的一款企业IT治理和合规治理产品。该产品可以制定eGRC计划,用于管理企业风险、实现业务流程自动化等。 RSA Security Archer6.8 P4 之前版本存在跨站脚本漏洞,该漏洞源于经过远程身份验证的恶意Archer用户可能会利用此漏洞将恶意HTML或JavaScript代码存储在受信任的应用程序数据存储中。当应用程序用户通过浏览器访问损坏的数据存储时,恶意代码将由web浏览器在脆弱的web应用程序上下文中执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2020-29535

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-29535

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-01-29 · 56 CVEs total

CVE-2020-284058.8 HIGHStar Computer Star Practice Management Web 访问控制错误漏洞
CVE-2020-284038.0 HIGHStar Computer Star Practice Management Web 跨站请求伪造漏洞
CVE-2020-284066.5 MEDIUMStar Computer Star Practice Management Web 访问控制错误漏洞
CVE-2020-284046.5 MEDIUMStar Computer Star Practice Management Web 访问控制错误漏洞
CVE-2020-284016.5 MEDIUMStar Computer Star Practice Management Web 访问控制错误漏洞
CVE-2021-233285.6 MEDIUMPrototype Pollution
CVE-2020-284025.4 MEDIUMStar Computer Star Practice Management Web 访问控制错误漏洞
CVE-2020-295384.9 MEDIUMArcher 访问控制错误漏洞
CVE-2020-295374.6 MEDIUMRSA Security Archer 输入验证错误漏洞
CVE-2020-295364.3 MEDIUMRSA Security Archer 加密问题漏洞
CVE-2020-29004MediaWiki 跨站请求伪造漏洞
CVE-2021-26308Blackbeam Rust-marc 安全漏洞
CVE-2021-26307Mozilla Rust 安全漏洞
CVE-2021-26303PHPGurukul Daily Expense Tracker System 跨站脚本漏洞
CVE-2020-29604MantisBT 信息泄露漏洞
CVE-2020-35547Mitel Networks MiCollab 授权问题漏洞
CVE-2021-3176Mitel BusinessCTI Enterprise (MBC-E) Client 输入验证错误漏洞
CVE-2020-29603MantisBT 访问控制错误漏洞
CVE-2020-29605MantisBT 安全漏洞
CVE-2020-35652Sangoma Asterisk 多款产品安全漏洞

Showing top 20 of 56 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2020-29535

No comments yet

Leave a comment