Note:
This project will be discontinued after December 13, 2021. [more]
Product:
S2020_firmware
(Ge)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 3 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-09-25 | CVE-2020-16242 | The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. | S2020_firmware, S2024_firmware | 6.1 | ||
2020-10-20 | CVE-2020-16246 | The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. | S2020_firmware, S2024_firmware | 6.1 | ||
2019-12-18 | CVE-2019-18267 | An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution. | S2020_firmware, S2020g_firmware | N/A |