← Back to CVEs
CVE-2020-24301
MEDIUM6.1
Description
Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believed to be widely used for any production purposes.
CVE Details
CVSS v3.1 Score6.1
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published10/8/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
hapifhir:testpage_overlay
Weaknesses (CWE)
CWE-79
References
https://github.com/jamesagnew/hapi-fhir/issues/2026(cve@mitre.org)
https://github.com/jamesagnew/hapi-fhir/issues/2026(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.