CVE-2020-26801

medium

Description

A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers to obtain other users' information via a crafted POST request.

References

https://www.blacklanternsecurity.com/2021-06-21-Tripplite-CVE/

http://tripplite.com

http://su2200rtxl2ua.com

Details

Source: Mitre, NVD

Published: 2021-06-25

Updated: 2024-02-14

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00219