ID

VAR-202010-1343


CVE

CVE-2020-6876


TITLE

ZTE eVDC Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012734

DESCRIPTION

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the web module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. The attacker could then use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04. ZTE eVDC contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. ZTE eVDC is a virtualized data center product service of China ZTE Corporation (ZTE).

Trust: 1.8

sources: NVD: CVE-2020-6876 // JVNDB: JVNDB-2020-012734 // VULHUB: VHN-185001 // VULMON: CVE-2020-6876

AFFECTED PRODUCTS

vendor: zte, model: evdc, scope: eq, version: zxcloud-irosv6.03.04

Trust: 1.8

vendor: zte, model: evdc, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012734 // NVD: CVE-2020-6876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6876
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-6876
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-1452
value: MEDIUM

Trust: 0.6

VULHUB: VHN-185001
value: LOW

Trust: 0.1

VULMON: CVE-2020-6876
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-6876
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-185001
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6876
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2020-6876
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-185001 // VULMON: CVE-2020-6876 // JVNDB: JVNDB-2020-012734 // CNNVD: CNNVD-202010-1452 // NVD: CVE-2020-6876

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-185001 // JVNDB: JVNDB-2020-012734 // NVD: CVE-2020-6876

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1452

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202010-1452

PATCH

title: A Security Vulnerability in a ZTE Product
url: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013782

Trust: 0.8

title: ZTE eVDC Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131863

Trust: 0.6

sources: JVNDB: JVNDB-2020-012734 // CNNVD: CNNVD-202010-1452

EXTERNAL IDS

db: NVD, id: CVE-2020-6876

Trust: 2.6

db: ZTE, id: 1013782

Trust: 1.8

db: JVNDB, id: JVNDB-2020-012734

Trust: 0.8

db: CNNVD, id: CNNVD-202010-1452

Trust: 0.7

db: VULHUB, id: VHN-185001

Trust: 0.1

db: VULMON, id: CVE-2020-6876

Trust: 0.1

sources: VULHUB: VHN-185001 // VULMON: CVE-2020-6876 // JVNDB: JVNDB-2020-012734 // CNNVD: CNNVD-202010-1452 // NVD: CVE-2020-6876

REFERENCES

url: http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1013782

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-6876

Trust: 1.4

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-185001 // VULMON: CVE-2020-6876 // JVNDB: JVNDB-2020-012734 // CNNVD: CNNVD-202010-1452 // NVD: CVE-2020-6876

SOURCES

db: VULHUB, id: VHN-185001
db: VULMON, id: CVE-2020-6876
db: JVNDB, id: JVNDB-2020-012734
db: CNNVD, id: CNNVD-202010-1452
db: NVD, id: CVE-2020-6876

LAST UPDATE DATE

2024-11-23T22:21:00.863000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-185001, date: 2020-10-30T00:00:00
db: VULMON, id: CVE-2020-6876, date: 2020-10-30T00:00:00
db: JVNDB, id: JVNDB-2020-012734, date: 2021-05-25T05:04:00
db: CNNVD, id: CNNVD-202010-1452, date: 2020-11-02T00:00:00
db: NVD, id: CVE-2020-6876, date: 2024-11-21T05:36:20.310

SOURCES RELEASE DATE

db: VULHUB, id: VHN-185001, date: 2020-10-26T00:00:00
db: VULMON, id: CVE-2020-6876, date: 2020-10-26T00:00:00
db: JVNDB, id: JVNDB-2020-012734, date: 2021-05-25T00:00:00
db: CNNVD, id: CNNVD-202010-1452, date: 2020-10-26T00:00:00
db: NVD, id: CVE-2020-6876, date: 2020-10-26T16:15:13.690