CVE-2020-12530 MEDIUM

CVE-2020-12530

Vendor Mb Connect Line
Product mymbCONNECT24
Weakness CWE-79 · XSS
Published March 2, 2021
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.

Key dates

02Disclosure timeline

March 2, 2021 CVE published
September 16, 2024 Record updated