CVE-2020-19202

Published: Jun 17, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/dharmeshbaskaran/2825ee8ae48b9065193c07a92b3a712c

x_refsource_MISC

https://blog.ipfire.org/post/ipfire-2-23-core-update-132-released

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-19202

Description

Affected Products

References