Improper Neutralization of Script in Attributes in a Web Page

CVE-2020-14525

Low

3.5/10

Summary

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-83 - Improper Neutralization of Script in Attributes in a Web Page

The software does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.

References

Advisory Timeline

Published Sep 18, 2020

Improper Neutralization of Script in Attributes in a Web Page

CVE-2020-14525

Summary

CWE-83 - Improper Neutralization of Script in Attributes in a Web Page

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS