CVE-2020-17364

MEDIUM

USVN < 1.0.9 - Cross-Site Scripting via SVN Logs

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-17364. PoCs published by tnpitsecurity.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2020-17364, a stored XSS vulnerability in USVN. It includes a step-by-step explanation of the exploit, affected versions, and mitigation steps.

Description

USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.

Exploits (1)

github WRITEUP 4 stars

by tnpitsecurity · poc

https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2020-17364

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2020-17364, a stored XSS vulnerability in USVN. It includes a step-by-step explanation of the exploit, affected versions, and mitigation steps.

Classification

Writeup 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: USVN < 1.0.8

Auth required

Prerequisites: Access to a USVN repository · Ability to commit files to the repository

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Core References

Not Applicable x_refsource_misc

https://sysdream.com/news/lab/

Patch, Third Party Advisory x_refsource_misc

https://github.com/usvn/usvn/compare/1.0.8...1.0.9

Scores

CVSS v3 6.1

EPSS 0.0078

EPSS Percentile 51.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

usvn/user-friendly_svn < 1.0.9

Published Aug 05, 2020

Tracked Since Feb 18, 2026