CVE-2020-8031 MEDIUM

CVE-2020-8031: obs: Stored XSS

Vendor Opensuse
Product Open Build Service
Weakness CWE-79 · XSS
Published February 11, 2021
Last update September 16, 2024
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8.

Key dates

02Disclosure timeline

February 11, 2021 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-54670 WordPress oik Plugin <= 4.15.2 - Cross Site Scripting (XSS) Vulnerability CVE-2014-125097 BestWebSoft Facebook Like Button facebook-button-plugin.php fcbkbttn_settings_page cross site scripting CVE-2023-24957 IBM Business Automation Workflow cross-site scripting CVE-2024-51592 WordPress Meta Store Elements plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability CVE-2025-31897 WordPress Arrow Custom Feed for Twitter plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability