CVE-2020-8020: Persistent XSS in markdown parser used by obs-server
First published: Wed May 13 2020(Updated: )
A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openSUSE Open Build Service | <2020-05-13 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-8020.
What is the severity of CVE-2020-8020?
The severity of CVE-2020-8020 is medium with a CVSS score of 6.1.
What is the affected software for CVE-2020-8020?
The affected software for CVE-2020-8020 is openSUSE Open Build Service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb and Debian Debian Linux version 9.0.
What is the description of CVE-2020-8020?
CVE-2020-8020 is an Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service that allows remote attackers to store arbitrary JavaScript code to cause XSS.
How can I fix CVE-2020-8020?
To fix CVE-2020-8020, it is recommended to update openSUSE Open Build Service to version 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb or later, and Debian Debian Linux to version 9.0 or later.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/opensuse
- canonical/opensuse open build service
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0