CVE-2020-36634
LOWIndeed Engineering util < 1.0.34 - Cross-Site Scripting in ViewExportedVariablesServlet
Title source: llmDescription
A vulnerability classified as problematic has been found in Indeed Engineering util up to 1.0.33. Affected is the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.34 is able to address this issue. The name of the patch is c0952a9db51a880e9544d9fac2a2218a6bfc9c63. It is recommended to upgrade the affected component. VDB-216882 is the identifier assigned to this vulnerability.
References (4)
Core 4
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.216882
Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.216882
Patch, Third Party Advisory patch
https://github.com/indeedeng/util/commit/c0952a9db51a880e9544d9fac2a2218a6bfc9c63
Release Notes, Third Party Advisory patch
https://github.com/indeedeng/util/releases/tag/published%2F1.0.34
Scores
CVSS v3
2.6
EPSS
0.0050
EPSS Percentile
39.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
indeed/util
< 1.0.34
Published
Dec 27, 2022
Tracked Since
Feb 18, 2026