Security for everyone

CVE-2020-14413 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in NeDi affects v. 1.9C.

SCAN NOW

Short Info


Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one

Url

Parent Category

CVE-2020-14413 Scanner Detail

NeDi 1.9C is a network discovery and monitoring tool widely used to manage large-scale networks. Its purpose is to collect data on devices, such as their MAC address, IP address, switch, and port information, and then store and display the data in an organized manner. NeDi helps network administrators identify issues and better manage their network infrastructure, making it an essential tool for any organization that relies heavily on its network.

CVE-2020-14413 is a vulnerability that has been detected in NeDi 1.9C, making the product susceptible to cross-site scripting (XSS) attacks. This vulnerability occurs due to an improper implementation of sanitize() in the inc/libmisc.php file. The sanitize function is intended to sanitize user-controlled values and escape the SCRIPT tag. However, the incorrect implementation leaves it vulnerable to bypassing, allowing a malicious attacker to execute arbitrary code and stealing sensitive data.

When exploited, the CVE-2020-14413 vulnerability can lead to the compromise of the entire network, as well as the exposure of sensitive data, including login credentials and other personal information. Attackers can use this exploit to inject malicious code into web pages, redirect users to phishing sites, and collect valuable data from network devices. Malicious scripts can also be used to launch attacks on other web applications, leading to data breaches and other potential security risks.

With the security features of securityforeveryone.com, the platform provides an easy and quick way to identify vulnerabilities in digital assets. The PRO features offer the ability to test for vulnerabilities, monitor assets, generate reports, and get alerts, thereby providing comprehensive security monitoring and protection. With securityforeveryone.com, users can enjoy a more secure digital environment.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture