CVE-2020-14210
monitorapp-aicc edited this page Aug 2, 2021
1. Summary
- Cross-Site Scripting vulnerability in MONITORAPP WAF (Solved)
- CVE-2020-14210
2. Description
- MONITORAPP WAF provides a function that includes the Request URL information in the response when a request is blocked
- Reflected XSS vulnerability in which a script can be executed when the Request URL information is included in the response

3. Product Version
- WAF
  - ~ V4.1 B7239
  - ~ V5.0 B1064
4. Solution
- Update to a version in which the vulnerability is resolved (escaped so that the script does not run)
  - V4.1 B7240 ~
  - V5.0 B1065 ~

- If updating is not possible, temporarily disable the function
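
The difference between reflecting the Request URL as-is and escaping it, shown as an added example (not MONITORAPP code). The block-page template, the function names and the sample URLs are assumptions constructed for illustration; the last function is a regression check a defender can run against any rendered block page.

```python
import html

# Hypothetical block-page template; the product's real markup is not shown on this page.
BLOCK_PAGE = (
    "<html><body><h1>Request blocked</h1>"
    "<p>Request URL: {url}</p></body></html>"
)

# Characters that let reflected text break out of an HTML text or attribute context.
HTML_METACHARS = "<>\"'"


def render_block_page_unescaped(request_url: str) -> str:
    """'Before' behaviour described above: the URL is reflected unchanged."""
    return BLOCK_PAGE.format(url=request_url)


def render_block_page_escaped(request_url: str) -> str:
    """'After' behaviour: HTML metacharacters are entity-encoded before reflection."""
    return BLOCK_PAGE.format(url=html.escape(request_url, quote=True))


def reflects_raw_markup(page: str, request_url: str) -> bool:
    """Return True if a URL carrying HTML metacharacters appears verbatim in the page."""
    has_metachars = any(ch in request_url for ch in HTML_METACHARS)
    return has_metachars and request_url in page


# Constructed sample inputs (not taken from the advisory).
MARKUP_URL = "/search?q=<script>alert(1)</script>"
PLAIN_URL = "/index.html?id=1&sort=asc"

if __name__ == "__main__":
    for name, render in (("unescaped", render_block_page_unescaped),
                         ("escaped", render_block_page_escaped)):
        page = render(MARKUP_URL)
        print(f"{name}: raw markup reflected = {reflects_raw_markup(page, MARKUP_URL)}")
        print(f"  {page}")
```
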
5. Reference Site
Contact: aicc@monitorapp.com