CVE-2020-9299

There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
netflixCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
netflixdispatch
𝑥
< 20201106
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Netflix/dispatch/releases/tag/v20201106
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-004.md
https://github.com/Netflix/dispatch/releases/tag/v20201106
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-004.md