From 4a9e6021b87af5aca30af47dff574fa10c54b4c5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 23 Mar 2020 20:01:15 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/6xxx/CVE-2019-6560.json | 58 ++++++++++++++++++++++----
 2020/10xxx/CVE-2020-10870.json | 76 ++++++++++++++++++++++++++++++++++
 2020/10xxx/CVE-2020-10871.json | 72 ++++++++++++++++++++++++++++++++
 2020/10xxx/CVE-2020-10872.json | 18 ++++++++
 2020/10xxx/CVE-2020-10873.json | 18 ++++++++
 2020/5xxx/CVE-2020-5722.json | 50 ++++++++++++++++++++--
 2020/7xxx/CVE-2020-7476.json | 50 ++++++++++++++++++++--
 2020/7xxx/CVE-2020-7477.json | 50 ++++++++++++++++++++--
 2020/7xxx/CVE-2020-7478.json | 50 ++++++++++++++++++++--
 2020/7xxx/CVE-2020-7479.json | 50 ++++++++++++++++++++--
 2020/7xxx/CVE-2020-7480.json | 50 ++++++++++++++++++++--
 2020/7xxx/CVE-2020-7481.json | 50 ++++++++++++++++++++--
 2020/7xxx/CVE-2020-7482.json | 50 ++++++++++++++++++++--
 13 files changed, 611 insertions(+), 31 deletions(-)
 create mode 100644 2020/10xxx/CVE-2020-10870.json
 create mode 100644 2020/10xxx/CVE-2020-10871.json
 create mode 100644 2020/10xxx/CVE-2020-10872.json
 create mode 100644 2020/10xxx/CVE-2020-10873.json
diff --git a/2019/6xxx/CVE-2019-6560.json b/2019/6xxx/CVE-2019-6560.json
index 7201e9c1cca..d9a9fc42a23 100644
--- a/2019/6xxx/CVE-2019-6560.json
+++ b/2019/6xxx/CVE-2019-6560.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6560",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6560",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10870.json b/2020/10xxx/CVE-2020-10870.json
new file mode 100644
index 00000000000..9ad26458201
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10870.json
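Review bot: In CVE-2019-6560.json the `affects` block packs three products and their version ranges into one free-text `product_name`, repeats that same string as `version_value`, and sets `vendor_name` to `n/a` although the description names Auto-Maskin, so tooling that matches on the structured vendor, product and version fields cannot resolve this record. One `product_data` entry per product (RP210E, DCU210E, Marine Observer Pro) with `"vendor_name": "Auto-Maskin"` and a version-only value such as `"version_value": "3.7 and prior"` would make it machine-matchable. The same pattern (vendor `n/a`, product text carried in `version_value`) recurs in the CVE-2020-7476, -7477, -7478, -7479, -7480, -7481 and -7482 hunks, and CVE-2020-5722 also leaves the vendor as `n/a` although its product name begins with Grandstream.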
@@ -0,0 +1,76 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10870",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028",
+ "refsource": "MISC",
+ "name": "https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:N/I:N/PR:L/S:U/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10871.json b/2020/10xxx/CVE-2020-10871.json
new file mode 100644
index 00000000000..4b27fec428b
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10871.json
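Review bot: The `vectorString` in CVE-2020-10870.json lists its metrics alphabetically (AC, AV, A, C, I, PR, S, UI) rather than in the order the CVSS specification presents them, and the `cvss` object has no `baseScore` or `baseSeverity`, so consumers must re-parse and recompute the rating, and a stricter parser may drop it. Writing it as `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"` keeps the same values in the conventional order. Separately, vendor, product, version and problem type are all `n/a` although the description names Zim through 0.72.1 and a predictable temporary-directory name (CWE-377 looks like a candidate, to be confirmed by the assigner). The CVE-2020-10871 hunk has the same all-`n/a` `affects` block.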
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10871",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/openwrt/luci/issues/3563#issuecomment-578522860",
+ "refsource": "MISC",
+ "name": "https://github.com/openwrt/luci/issues/3563#issuecomment-578522860"
+ },
+ {
+ "url": "https://github.com/openwrt/luci/issues/3653#issue-567892007",
+ "refsource": "MISC",
+ "name": "https://github.com/openwrt/luci/issues/3653#issue-567892007"
+ },
+ {
+ "url": "https://github.com/openwrt/luci/issues/3766",
+ "refsource": "MISC",
+ "name": "https://github.com/openwrt/luci/issues/3766"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10872.json b/2020/10xxx/CVE-2020-10872.json
new file mode 100644
index 00000000000..281bf4c5152
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10872.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10872",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10873.json b/2020/10xxx/CVE-2020-10873.json
new file mode 100644
index 00000000000..5c7dfb7d556
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10873.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10873",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/5xxx/CVE-2020-5722.json b/2020/5xxx/CVE-2020-5722.json
index a955e1a75ab..5ee2513bd58 100644
--- a/2020/5xxx/CVE-2020-5722.json
+++ b/2020/5xxx/CVE-2020-5722.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5722",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Grandstream UCM6200 Series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Before 1.0.20.17"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection, HTML Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-15",
+ "url": "https://www.tenable.com/security/research/tra-2020-15"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7476.json b/2020/7xxx/CVE-2020-7476.json
index 92cf3f08869..8debdddfbfd 100644
--- a/2020/7xxx/CVE-2020-7476.json
+++ b/2020/7xxx/CVE-2020-7476.json
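Review bot: `version_value` in CVE-2020-5722.json gives a single bound, `Before 1.0.20.17`, while the description distinguishes two ranges with very different impact: command execution as root before 1.0.19.20, and HTML injection into password-recovery mail before 1.0.20.17. A consumer reading only the structured field cannot tell which installations carry the more severe outcome, so two `version_data` entries, one per threshold, would help triage. The `problemtype` value is also free text; `"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"` would let CWE-based filters pick the record up.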
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7476",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ZigBee Installation Toolkit (Versions prior to 1.0.1)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ZigBee Installation Toolkit (Versions prior to 1.0.1)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-426: Untrusted Search Path"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-03",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-03"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search path."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7477.json b/2020/7xxx/CVE-2020-7477.json
index f5e35b1085d..26324835f31 100644
--- a/2020/7xxx/CVE-2020-7477.json
+++ b/2020/7xxx/CVE-2020-7477.json
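Review bot: The product is called `ZigBee Installation Toolkit` in `product_name` and `version_value` but `ZigBee Installation Kit` in the description of CVE-2020-7476.json, so one of the two names is wrong and asset-inventory matching on either string can miss affected installations. The name should be checked against the referenced SEVD-2020-070-03 advisory and made identical in all three fields.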
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7477",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Modicon Quantum Ethernet Network module and Quantum / Premium COPRO (Quantum Ethernet Network module 140NOE771x1, versions 7.0 and prior, Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx, all versions, Premium processors with integrated Ethernet, all versions)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-02/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-02/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethernet \u2013 140CPU65xxxxx (all Versions), and Premium processors with integrated Ethernet (all Versions), which could cause a Denial of Service when sending a specially crafted command over Modbus."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7478.json b/2020/7xxx/CVE-2020-7478.json
index 41d8e3413e3..7783af5ac28 100644
--- a/2020/7xxx/CVE-2020-7478.json
+++ b/2020/7xxx/CVE-2020-7478.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7478",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IGSS (Interactive Graphical SCADA System) (IGSS Version prior to 14.0.0.20009)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "IGSS (Interactive Graphical SCADA System) (Versions 14 and prior using the service: IGSSupdate)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-01/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-01/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7479.json b/2020/7xxx/CVE-2020-7479.json
index 54a5f312615..8205f098ee8 100644
--- a/2020/7xxx/CVE-2020-7479.json
+++ b/2020/7xxx/CVE-2020-7479.json
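Review bot: In CVE-2020-7478.json `product_name` states `IGSS Version prior to 14.0.0.20009`, while `version_value` and the description state `Versions 14 and prior`; these are different bounds, and the record does not say whether a 14.x build at or above 14.0.0.20009 is fixed. The affected range should be stated once and consistently, for example `"version_value": "prior to 14.0.0.20009"` if that is what the SEVD-2020-070-01 advisory says. The CVE-2020-7479 hunk carries the same pair of strings and needs the same correction.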
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7479",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IGSS (Interactive Graphical SCADA System) (IGSS Version prior to 14.0.0.20009)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "IGSS (Interactive Graphical SCADA System) (Versions 14 and prior using the service: IGSSupdate)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-306: Missing Authentication for Critical Function"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-01/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-01/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7480.json b/2020/7xxx/CVE-2020-7480.json
index 0ec124ad329..b943525ac90 100644
--- a/2020/7xxx/CVE-2020-7480.json
+++ b/2020/7xxx/CVE-2020-7480.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7480",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Andover Continuum (All versions)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Andover Continuum (All versions)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7481.json b/2020/7xxx/CVE-2020-7481.json
index bfeae992e93..625cad5fe27 100644
--- a/2020/7xxx/CVE-2020-7481.json
+++ b/2020/7xxx/CVE-2020-7481.json
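Review bot: The `problemtype` in CVE-2020-7480.json is CWE-94 (code injection), but the description talks about server files becoming viewable when an attacker interferes with the application's XML processing, which reads more like an XML external entity issue (CWE-611) than code generation. If that reading is right, detection content and remediation guidance keyed on CWE-94 would point defenders at the wrong control, when the relevant hardening would be in the XML parser configuration. The classification is worth confirming against the referenced SEVD-2020-070-04 advisory before consumers rely on it.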
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7481",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Andover Continuum (All versions)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Andover Continuum (All versions)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7482.json b/2020/7xxx/CVE-2020-7482.json
index 0521cd693fa..d2d7de3819c 100644
--- a/2020/7xxx/CVE-2020-7482.json
+++ b/2020/7xxx/CVE-2020-7482.json
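Review bot: CVE-2020-7481.json and the CVE-2020-7482 hunk that follows share product, problem type and reference, and their descriptions differ only in "enable a successful" versus "cause a Reflective", so nothing in the 7481 record says which XSS variant or which part of the web server it covers. Stating the distinguishing property in the description (stored versus reflected, if the SEVD-2020-070-04 advisory says so) would keep downstream tools and analysts from collapsing the two as duplicates. Both descriptions also have two slips: `vulnerability exists Andover Continuum` is missing `in`, and `CWE-79:Improper` is missing the space after the colon.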
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-7482",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cybersecurity@schneider-electric.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Andover Continuum (All versions)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Andover Continuum (All versions)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
+ "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server."
 }
 ]
 }