Unrated severityNVD Advisory· Published Oct 16, 2020· Updated Aug 4, 2024

CVE-2020-16270

Description

OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of targeted application and perform phishing-related attacks. Vulnerable application used in more than 3000 organizations in different sectors from retail to industries.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

OLIMPOKS/OLIMPOKSdescription
OLIMPOKS/OLIMPOKSllm-create
Range: <3.3.39

Patches

Vulnerability mechanics

References

bdu.fstec.ru/vul/2020-04623mitrex_refsource_MISC
olimpoks.ru/oks/forum/olimpoks5.phpmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000