ID

VAR-202002-1114


CVE

CVE-2020-5317


TITLE

Dell EMC ECS Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-001894

DESCRIPTION

Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.8

sources: NVD: CVE-2020-5317 // JVNDB: JVNDB-2020-001894 // VULHUB: VHN-183442 // VULMON: CVE-2020-5317

AFFECTED PRODUCTS

vendor: dell, model: emc elastic cloud storage, scope: lt, version: 3.4.0.1

Trust: 1.0

vendor: dell, model: emc ecs, scope: eq, version: 3.4.0.1

Trust: 0.8

sources: JVNDB: JVNDB-2020-001894 // NVD: CVE-2020-5317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5317
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2020-5317
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-001894
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202002-184
value: MEDIUM

Trust: 0.6

VULHUB: VHN-183442
value: LOW

Trust: 0.1

VULMON: CVE-2020-5317
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-5317
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-001894
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-183442
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-5317
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2020-5317
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-001894
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-183442 // VULMON: CVE-2020-5317 // JVNDB: JVNDB-2020-001894 // CNNVD: CNNVD-202002-184 // NVD: CVE-2020-5317 // NVD: CVE-2020-5317

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-183442 // JVNDB: JVNDB-2020-001894 // NVD: CVE-2020-5317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-184

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202002-184

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001894

PATCH

title: DSA-2020-016: Dell EMC ECS Cross-Site Scripting (XSS) Vulnerability
url: https://www.dell.com/support/security/en-us/details/540788/DSA-2020-016-Dell-EMC-ECS-Cross-Site-Scripting-XSS-Vulnerability

Trust: 0.8

title: Dell EMC ECS Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108698

Trust: 0.6

sources: JVNDB: JVNDB-2020-001894 // CNNVD: CNNVD-202002-184

EXTERNAL IDS

db: NVD, id: CVE-2020-5317

Trust: 2.6

db: JVNDB, id: JVNDB-2020-001894

Trust: 0.8

db: CNNVD, id: CNNVD-202002-184

Trust: 0.7

db: CNVD, id: CNVD-2020-04566

Trust: 0.1

db: VULHUB, id: VHN-183442

Trust: 0.1

db: VULMON, id: CVE-2020-5317

Trust: 0.1

sources: VULHUB: VHN-183442 // VULMON: CVE-2020-5317 // JVNDB: JVNDB-2020-001894 // CNNVD: CNNVD-202002-184 // NVD: CVE-2020-5317

REFERENCES

url:https://www.dell.com/support/security/en-us/details/540788/dsa-2020-016-dell-emc-ecs-cross-site-scripting-xss-vulnerability

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-5317

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5317

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-183442 // VULMON: CVE-2020-5317 // JVNDB: JVNDB-2020-001894 // CNNVD: CNNVD-202002-184 // NVD: CVE-2020-5317

SOURCES

db: VULHUB, id: VHN-183442
db: VULMON, id: CVE-2020-5317
db: JVNDB, id: JVNDB-2020-001894
db: CNNVD, id: CNNVD-202002-184
db: NVD, id: CVE-2020-5317

LAST UPDATE DATE

2024-11-23T22:05:47.577000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183442, date: 2020-02-12T00:00:00
db: VULMON, id: CVE-2020-5317, date: 2020-02-12T00:00:00
db: JVNDB, id: JVNDB-2020-001894, date: 2020-02-28T00:00:00
db: CNNVD, id: CNNVD-202002-184, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-5317, date: 2024-11-21T05:33:54

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183442, date: 2020-02-06T00:00:00
db: VULMON, id: CVE-2020-5317, date: 2020-02-06T00:00:00
db: JVNDB, id: JVNDB-2020-001894, date: 2020-02-28T00:00:00
db: CNNVD, id: CNNVD-202002-184, date: 2020-02-06T00:00:00
db: NVD, id: CVE-2020-5317, date: 2020-02-06T18:15:13.620