CVE-2020-36502: XSS
First published: Fri Oct 22 2021(Updated: )
Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Swiftfiletransfer Swift File Transfer | =1.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-36502?
CVE-2020-36502 is a cross-site scripting (XSS) vulnerability in Swift File Transfer Mobile v1.1.2.
How does CVE-2020-36502 affect Swift File Transfer Mobile?
CVE-2020-36502 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name in Swift File Transfer Mobile v1.1.2.
How severe is CVE-2020-36502?
CVE-2020-36502 has a severity score of 6.1/10, which is classified as medium.
How can the cross-site scripting (XSS) vulnerability in Swift File Transfer Mobile v1.1.2 be exploited?
The vulnerability can be exploited by injecting malicious scripts or HTML code through the devicename parameter when entering the device name.
Is there a fix available for CVE-2020-36502?
At the moment, there is no specific fix available for CVE-2020-36502. It is recommended to update to a patched version when it becomes available.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/weakness
- agent/description
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/swiftfiletransfer
- canonical/swiftfiletransfer swift file transfer
- version/swiftfiletransfer swift file transfer/1.1.2