Arbitrary Code Execution via XSS in Ari Adminer v1

Arbitrary Code Execution via XSS in Ari Adminer v1

CVE-2020-19156 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.

Learn more about our Web Application Penetration Testing UK.