CVE 2020 14210

monitorapp-aicc edited this page Aug 2, 2021 · 16 revisions

1. Summary

  • Cross-Site Scripting vulnerability in MONITORAPP WAF (Solved)
  • CVE-2020-14210

2. Description

  • MONITORAPP WAF provides a function that includes the Request URL information in the response when blocking a request
  • Reflected XSS vulnerability in which a script can be executed when the Request URL information is included in the response

3. Product Version

  • WAF
    • ~ V4.1 B7239
    • ~ V5.0 B1064

4. Solution

  • Apply the update to a version in which the vulnerability is resolved (escaped so that the script does not run)
    • V4.1 B7240 ~
    • V5.0 B1065 ~

  • If an update is not possible, temporarily disable the function
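
The escaping fix described above, as an added example that is not part of the original advisory and is not MONITORAPP's code: a hypothetical block-page template that reflects the Request URL, rendered without and with HTML escaping, plus a parser-based check that flags any element the template did not define. The template, function names and sample URL are assumptions made for illustration.

```python
# Added illustration; not MONITORAPP code. All names here are hypothetical.
import html
from html.parser import HTMLParser

BLOCK_TEMPLATE = (
    "<html><body><h1>Request blocked</h1>"
    "<p>Requested URL: {url}</p></body></html>"
)

def render_block_page_unescaped(request_url: str) -> str:
    """Flawed pattern: the Request URL is copied into the HTML as-is."""
    return BLOCK_TEMPLATE.format(url=request_url)

def render_block_page_escaped(request_url: str) -> str:
    """Fixed pattern: HTML-escape the URL so it is rendered as text."""
    return BLOCK_TEMPLATE.format(url=html.escape(request_url, quote=True))

class _TagCollector(HTMLParser):
    """Records every element start tag the HTML parser recognises."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page: str) -> list:
    parser = _TagCollector()
    parser.feed(page)
    parser.close()
    return parser.tags

# The only elements the template itself defines, in document order.
EXPECTED_TAGS = ["html", "body", "h1", "p"]

def reflects_markup(page: str) -> bool:
    """True if the page contains elements the template did not define."""
    return tags_in(page) != EXPECTED_TAGS

# Constructed sample Request URL carrying markup in the query string.
SAMPLE_URL = "/search?q=<script>alert(1)</script>"

if __name__ == "__main__":
    print(reflects_markup(render_block_page_unescaped(SAMPLE_URL)))  # True
    print(reflects_markup(render_block_page_escaped(SAMPLE_URL)))    # False
```

The same check can serve as a regression test for any page that echoes request data back to the client.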

5. Reference Site