CVE-2020-16246

Summary

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.

Affected Software

VendorProductVersion RangeStatus
General ElectricReason S20 Ethernet SwitchS2020 <= 07A06affected
General ElectricReason S20 Ethernet SwitchS2024 <= 07A06affected

Weaknesses

  • CWE-79: IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79

ADP Enrichment

CVE Program Container

Additional References

References