CVE-2020-5901: XSS
First published: Wed Jul 01 2020(Updated: )
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Nginx Controller | >=3.3.0<=3.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-5901?
The severity of CVE-2020-5901 is critical with a CVSS score of 9.6.
How can I mitigate CVE-2020-5901?
To mitigate CVE-2020-5901, consider upgrading NGINX Controller to versions 3.5.1 or later.
What is the description of CVE-2020-5901?
CVE-2020-5901 involves undisclosed API endpoints in NGINX Controller 3.3.0-3.4.0 that may allow for a reflected Cross Site Scripting (XSS) attack.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/f5
- canonical/f5 nginx controller
- version/f5 nginx controller/3.3.0
- version/f5 nginx controller/3.4.0