Home > Vulnerability Database > CVE-2020-36826

Mend.io Vulnerability Database

CVE-2020-36826

Good to know:

Date: March 25, 2024

A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. Upgrading to version 0.1 is able to address this issue. The name of the patch is 57505527f838d1e46e8f93d567ba552a30185bfa. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257784.

Language: JS

Severity Score

3.5

Related Resources (6)

Url: https://github.com/AwesomestCode/LiveBot/releases/tag/0.1

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-36826

Url: https://vuldb.com/?ctiid.257784

Url: https://vuldb.com/?id.257784

Url: https://github.com/AwesomestCode/LiveBot/commit/57505527f838d1e46e8f93d567ba552a30185bfa

Url: https://www.mend.io/vulnerability-database/CVE-2020-36826

Severity Score

3.5

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 0.1

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-36826

Good to know:

Date: March 25, 2024

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?