CVE-2020-6847
MEDIUMOpenTrade < 0.2.0 - Authenticated DOM-Based Cross-Site Scripting via Message Deletion
Title source: llmDescription
OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.
References (3)
Core 3
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://gist.github.com/Marshall-Hallenbeck/bf6a4a4f408bb7a5e0a47cb39dc1dbbe
Third Party Advisory x_refsource_misc
https://github.com/3s3s/opentrade/blob/4f91391164219da30533453e1ff6800ef2ef3c6b/static_pages/js/index.js#L473
Third Party Advisory x_refsource_confirm
https://github.com/3s3s/opentrade/pull/337
Scores
CVSS v3
5.4
EPSS
0.0093
EPSS Percentile
56.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
opentrade_project/opentrade
< 0.2.0
Published
Jan 11, 2020
Tracked Since
Feb 18, 2026