CVE-2020-19156

Published: Sep 15, 2021Modified: Jun 17, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.

Affected (1)

Products: Ari Soft: Ari Adminer

Ari Soft

1 product

Ari Adminer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ari Soft Ari Adminer	Version 1.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.seebug.org/vuldb/ssvid-97852

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.seebug.org/vuldb/ssvid-97852

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.