VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 3, 2020· Updated Aug 4, 2024

CVE-2020-13820

CVE-2020-13820

Description

Extreme Management Center 8.4.1.24 is vulnerable to unauthenticated reflected XSS via a GET request parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Extreme Management Center 8.4.1.24 is vulnerable to unauthenticated reflected XSS via a GET request parameter.

Vulnerability

Extreme Management Center version 8.4.1.24 contains an unauthenticated reflected cross-site scripting (XSS) vulnerability in a GET request parameter [1]. The flaw exists in the web interface and can be triggered without prior authentication.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious URL containing a JavaScript payload in a vulnerable parameter and tricking a victim into clicking the link. No authentication or special network position is required beyond access to the management center's web interface.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser within the context of the Extreme Management Center web application. This can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim.

Mitigation

As of the publication date, no official patch or workaround has been disclosed in the available references [1]. Users should monitor the vendor's advisory page for updates and consider restricting access to the management interface as a temporary measure.

References
  1. Search: | Extreme Portal

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.