CVE-2020-10790

MEDIUM EPSS 55.4%
Published Mar 25, 2020 6y ago · Modified Jun 17, 2026 2w ago
5.4 CVSS 3.1
Medium

Description

openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.

CVSS Details

Base Score
5.4
Exploitability
2.3
Impact
2.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
55.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor    Product        Version  Range
it-novum  openitcockpit  *        <3.7.3

References 3

  • github.com https://github.com/it-novum/openITCOCKPIT/commit/3838d98d35ececc7e83cf0f7cf785c9a7729cdbf
    Patch
  • github.com https://github.com/it-novum/openITCOCKPIT/commit/6c9bb1d7cf5f24683e704cee8c84b8b6d850d8bf
    Patch
  • openitcockpit.io https://openitcockpit.io/2020/2020/03/23/openitcockpit-3-7-3-released/
    Vendor Advisory

Remediation

  • github.com https://github.com/it-novum/openITCOCKPIT/commit/3838d98d35ececc7e83cf0f7cf785c9a7729cdbf
    Patch
  • github.com https://github.com/it-novum/openITCOCKPIT/commit/6c9bb1d7cf5f24683e704cee8c84b8b6d850d8bf
    Patch