DEBIAN-CVE-2020-28502

DEBIAN-CVE-2020-28502 PUBLISHED CVSS 8.1 HIGH

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.

Risk Scores

CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | node-xmlhttprequest | 0, 0, 0 |
| Debian:14 | node-xmlhttprequest | 0, 0, 0 |
| Debian:13 | node-xmlhttprequest | 0, 0, 0 |
| Debian:12 | node-xmlhttprequest | 0, 0, 0 |

Exploit Intelligence

Timeline

  • Mar 5, 2021 CVE Published
  • Apr 28, 2026 CVE Updated