Unrated severityNVD Advisory· Published Oct 6, 2020· Updated Aug 4, 2024
CVE-2020-26574
CVE-2020-26574
Description
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Leostream/Connection Brokerdescription
- Range: =8.2.x
Patches
Vulnerability mechanics
References
2- adepts.of0x.cc/leostream-xss-to-rce/mitrex_refsource_MISC
- www.leostream.com/resources/product-lifecycle/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.