CVE-2020-9028
Published Feb 17, 2020
Last updated 5 years ago
Overview
- Description
- Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microchip:syncserver_s100_firmware:2.90.70.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74360361-840A-4934-9E74-C216CDF3E257"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microchip:syncserver_s100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BE4FB24A-DA03-4C4D-BF7C-BC5C26E9CF79"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microchip:syncserver_s200_firmware:1.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "966CD4CC-FC78-47BA-BB8D-82ADDED46089"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microchip:syncserver_s200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CF3CDFD8-9C39-495E-820F-7379510C7A09"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microchip:syncserver_s250_firmware:1.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37E30BDA-AD90-457B-950A-589AF1428725"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microchip:syncserver_s250:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4A583CDA-6568-4F67-8DC5-302B9644EFCE"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microchip:syncserver_s300_firmware:2.65.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68C01BFD-1C7E-4E10-B3B7-2CF87E18FD26"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microchip:syncserver_s300:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "76A0C258-0C4D-4402-A0D0-61C247E24964"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microchip:syncserver_s350_firmware:2.80.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B41D65CF-FD5E-4508-9FAF-8CB7F573F650"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:microchip:syncserver_s350:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "29BAF33D-CB50-4AB6-9B39-DF56968CE59C"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]