CVE-2020-36634

Summary

A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.34 is able to address this issue. The name of the patch is c0952a9db51a880e9544d9fac2a2218a6bfc9c63. It is recommended to upgrade the affected component. VDB-216882 is the identifier assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Indeed Engineeringutil1.0.0affected
Indeed Engineeringutil1.0.1affected
Indeed Engineeringutil1.0.2affected
Indeed Engineeringutil1.0.3affected
Indeed Engineeringutil1.0.4affected
Indeed Engineeringutil1.0.5affected
Indeed Engineeringutil1.0.6affected
Indeed Engineeringutil1.0.7affected
Indeed Engineeringutil1.0.8affected
Indeed Engineeringutil1.0.9affected
Indeed Engineeringutil1.0.10affected
Indeed Engineeringutil1.0.11affected
Indeed Engineeringutil1.0.12affected
Indeed Engineeringutil1.0.13affected
Indeed Engineeringutil1.0.14affected
Indeed Engineeringutil1.0.15affected
Indeed Engineeringutil1.0.16affected
Indeed Engineeringutil1.0.17affected
Indeed Engineeringutil1.0.18affected
Indeed Engineeringutil1.0.19affected
Indeed Engineeringutil1.0.20affected
Indeed Engineeringutil1.0.21affected
Indeed Engineeringutil1.0.22affected
Indeed Engineeringutil1.0.23affected
Indeed Engineeringutil1.0.24affected
Indeed Engineeringutil1.0.25affected
Indeed Engineeringutil1.0.26affected
Indeed Engineeringutil1.0.27affected
Indeed Engineeringutil1.0.28affected
Indeed Engineeringutil1.0.29affected
Indeed Engineeringutil1.0.30affected
Indeed Engineeringutil1.0.31affected
Indeed Engineeringutil1.0.32affected
Indeed Engineeringutil1.0.33affected

Weaknesses

  • CWE-79: CWE-79 Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References