CVE-2020-16270
N/A
N/A
Summary
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of targeted application and perform phishing-related attacks. Vulnerable application used in more than 3000 organizations in different sectors from retail to industries.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://olimpoks.ru/oks/forum/olimpoks5.php
- https://bdu.fstec.ru/vul/2020-04623
- https://github.com/Security-AVS/CVE-2020-16270
References
- https://olimpoks.ru/oks/forum/olimpoks5.php
- https://bdu.fstec.ru/vul/2020-04623
- https://github.com/Security-AVS/CVE-2020-16270
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.