CVE-2020-21731

⬤ Vulnerability Type:
Cross Site Scripting (XSS)


⬤ Affected Component:
http://192.168.100.7/gazie/modules/config/admin_utente.php?u
ser_name=amministratore&Update


⬤ Attack Type: Remote


⬤ Impact Code execution: true


⬤ Attack Vectors: 
User profile surname and name fields, vulnerable to xss. Attacker
can inject JavaScript code this field, and the webapplication
stored the injected code.


⬤ Reference:
http://gazie.com http://gazie.devincentiis.it/


⬤ Vendor of Product:
http://gazie.devincentiis.it/


⬤ Affected Product Code Base: 
Gazie 7.29


⬤ Suggested description: 
Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. 
An attacker can inject JavaScript code, and the webapplication stores the injected code.


sub.zer0d4y@gmail.com


Use CVE-2020-21731 for this vulnerability.