CVE-2020-28365
MEDIUM WAF: High
CVSS 6.1
Published: 2020-12-30
CWE-79
Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
WAF Coverage Analysis
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sapplica | sentrifugo | 3.2 |
References
- github.com (Patch, Third Party Advisory)
- www.wizlynxgroup.com (Third Party Advisory)