Skip to main content

Guardian CVE-2020-15307

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2020-06-30 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 30, 2020 - 18:15 nvd
MEDIUM 6.1

DescriptionNVD

Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name.

AnalysisAI

Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name. Affected products include: Nozominetworks Guardian. Version information: before 19.0.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2020-7049 HIGH POC
7.3 Jun 30

Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Rated high severity (CVSS 7

CVE-2023-29245 CRITICAL
9.2 Sep 19

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us

CVE-2026-31984 HIGH
8.7 Jul 09

Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth

CVE-2026-39911 HIGH
8.7 Apr 09

Authenticated Standard Registry users can execute arbitrary Node.js code in Hashgraph Guardian ≤3.5.0 through unsandboxe

CVE-2023-2567 HIGH
8.7 Sep 19

A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce

CVE-2023-23574 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_

CVE-2023-22378 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting

CVE-2022-0551 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat

CVE-2022-0550 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth

CVE-2021-26725 HIGH
8.6 Feb 22

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticat

CVE-2021-26724 HIGH
8.6 Feb 22

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and

CVE-2023-32649 HIGH
8.2 Sep 19

A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain

Share

CVE-2020-15307 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy