CVE-2020-16242

Summary

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.

Affected Software

VendorProductVersion RangeStatus
General ElectricReason S20 Ethernet SwitchS2020 <= 07A06affected
General ElectricReason S20 Ethernet SwitchS2024 <= 07A06affected

Weaknesses

  • CWE-79: IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79

ADP Enrichment

CVE Program Container

Additional References

References