CVE-2020-28184

MEDIUM WAF: High
CVSS 5.4 Published: 2020-12-24
CWE-79

Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

VendorProductVersion
terra-mastertosup to 4.2.06

References

Back to CVE Database