CVE-2020-14042

MEDIUM6.1EPSS 0.34%

Codiad Cross-site Scripting Vulnerability

Published: 5/24/2022Modified: 4/25/2024

Description

A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name `$path` variable in components/filemanager/class.filemanager.php. **NOTE:** the vendor states "Codiad is no longer under active maintenance by core contributors."

Affected packages (1)

Packagist/codiad/codiad>= 1.7.8, <= 2.8.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-14042
PATCHhttps://github.com/Codiad/Codiad
WEBhttps://github.com/Codiad/Codiad/issues/1122
WEBhttps://github.com/Codiad/Codiad/issues/1132
WEBhttps://web.archive.org/web/20220828225621/https://advisory.checkmarx.net/advisory/CX-2020-4278