Details of VAR-202010-1343

ID

VAR-202010-1343

CVE

CVE-2020-6876

TITLE

ZTE eVDC Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012734

DESCRIPTION

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04. ZTE eVDC Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. ZTE eVDC is a virtualized data center product service of China ZTE Corporation (ZTE)

Trust: 1.8

sources: NVD: CVE-2020-6876 // JVNDB: JVNDB-2020-012734 // VULHUB: VHN-185001 // VULMON: CVE-2020-6876

AFFECTED PRODUCTS

vendor:	zte	model:	evdc	scope:	eq	version:	zxcloud-irosv6.03.04	Trust: 1.8
vendor:	zte	model:	evdc	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012734 // NVD: CVE-2020-6876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-6876
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-6876
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202010-1452
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-185001
value:	LOW
Trust: 0.1
VULMON:	CVE-2020-6876
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-6876
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-185001
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-6876
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2020-6876
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-185001 // VULMON: CVE-2020-6876 // JVNDB: JVNDB-2020-012734 // CNNVD: CNNVD-202010-1452 // NVD: CVE-2020-6876

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-185001 // JVNDB: JVNDB-2020-012734 // NVD: CVE-2020-6876

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1452

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202010-1452

PATCH

title:	A Security Vulnerability in a ZTE Product	url:	http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1013782	Trust: 0.8
title:	ZTE eVDC Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131863	Trust: 0.6

sources: JVNDB: JVNDB-2020-012734 // CNNVD: CNNVD-202010-1452

EXTERNAL IDS

db:	NVD	id:	CVE-2020-6876	Trust: 2.6
db:	ZTE	id:	1013782	Trust: 1.8
db:	JVNDB	id:	JVNDB-2020-012734	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1452	Trust: 0.7
db:	VULHUB	id:	VHN-185001	Trust: 0.1
db:	VULMON	id:	CVE-2020-6876	Trust: 0.1

sources: VULHUB: VHN-185001 // VULMON: CVE-2020-6876 // JVNDB: JVNDB-2020-012734 // CNNVD: CNNVD-202010-1452 // NVD: CVE-2020-6876

REFERENCES

url:	http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1013782	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6876	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-185001 // VULMON: CVE-2020-6876 // JVNDB: JVNDB-2020-012734 // CNNVD: CNNVD-202010-1452 // NVD: CVE-2020-6876

SOURCES

db:	VULHUB	id:	VHN-185001
db:	VULMON	id:	CVE-2020-6876
db:	JVNDB	id:	JVNDB-2020-012734
db:	CNNVD	id:	CNNVD-202010-1452
db:	NVD	id:	CVE-2020-6876

LAST UPDATE DATE

2024-11-23T22:21:00.863000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-185001	date:	2020-10-30T00:00:00
db:	VULMON	id:	CVE-2020-6876	date:	2020-10-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-012734	date:	2021-05-25T05:04:00
db:	CNNVD	id:	CNNVD-202010-1452	date:	2020-11-02T00:00:00
db:	NVD	id:	CVE-2020-6876	date:	2024-11-21T05:36:20.310

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-185001	date:	2020-10-26T00:00:00
db:	VULMON	id:	CVE-2020-6876	date:	2020-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2020-012734	date:	2021-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202010-1452	date:	2020-10-26T00:00:00
db:	NVD	id:	CVE-2020-6876	date:	2020-10-26T16:15:13.690