CVE-2020-13168
02.10.2020, 09:15
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.
| Vendor | Product | Version |
|---|---|---|
| sysaid | sysaid_on-premises | 5.0 |
| sysaid | sysaid_on-premises | 5.5.06 |
| sysaid | sysaid_on-premises | 5.6 |
| sysaid | sysaid_on-premises | 6.0.9 |
| sysaid | sysaid_on-premises | 6.5 |
| sysaid | sysaid_on-premises | 7.0 |
| sysaid | sysaid_on-premises | 7.5 |
| sysaid | sysaid_on-premises | 8.0 |
| sysaid | sysaid_on-premises | 8.1 |
| sysaid | sysaid_on-premises | 8.5 |
| sysaid | sysaid_on-premises | 9.0.10 |
| sysaid | sysaid_on-premises | 9.0.30 |
| sysaid | sysaid_on-premises | 9.0.40 |
| sysaid | sysaid_on-premises | 9.0.52 |
| sysaid | sysaid_on-premises | 9.0.53 |
| sysaid | sysaid_on-premises | 9.1.0 |
| sysaid | sysaid_on-premises | 14.1 |
| sysaid | sysaid_on-premises | 14.2 |
| sysaid | sysaid_on-premises | 14.3 |
| sysaid | sysaid_on-premises | 14.4.00 |
| sysaid | sysaid_on-premises | 14.4.1 |
| sysaid | sysaid_on-premises | 14.4.2 |
| sysaid | sysaid_on-premises | 14.4.3 |
| sysaid | sysaid_on-premises | 15.1.20 |
| sysaid | sysaid_on-premises | 15.1.30 |
| sysaid | sysaid_on-premises | 15.1.50 |
| sysaid | sysaid_on-premises | 15.1.70 |
| sysaid | sysaid_on-premises | 15.2.03 |
| sysaid | sysaid_on-premises | 15.2.04 |
| sysaid | sysaid_on-premises | 15.2.05 |
| sysaid | sysaid_on-premises | 16.3.16 |
| sysaid | sysaid_on-premises | 16.3.17 |
| sysaid | sysaid_on-premises | 17.2.03 |
| sysaid | sysaid_on-premises | 17.3.57 |
| sysaid | sysaid_on-premises | 18.1.54 |
| sysaid | sysaid_on-premises | 19.2 |
| sysaid | sysaid_on-premises | 19.4 |
| sysaid | sysaidsy_on-premises | 20.1.11:b26 |
𝑥
= Vulnerable software versions