1. Home
  2. Vulnerabilities
  3. CVE-2020-13697

CVE-2020-13697

CVSS v3.1 6.1 (Medium)
61% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.07 % (30th)
0.07% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, because the GeneralHandler GET handler prints user input passed through the query string without any sanitization.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2021-02-23 08:15:11
(3 years ago)
Updated Date
2021-02-26 20:54:04
(3 years ago)

Affected Products

Nanohttpd

Configuration #1

    CPE23 From Up To
  Nanohttpd 2.3.1 and prior versions cpe:2.3:a:nanohttpd:nanohttpd <= 2.3.1