CVE-2020-14024
N/A
N/A
Summary
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.ozeki.hu/index.php?owpn=231
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14024-Multiple%20XSS-Ozeki%20SMS%20Gateway
References
- https://www.ozeki.hu/index.php?owpn=231
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-14024-Multiple%20XSS-Ozeki%20SMS%20Gateway
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.