id: 3318
title: 'RVD#3318: XSS-like attacks for authenticated users in ABB System 800xA Information Manager'
type: vulnerability
description: The installations for ABB System 800xA Information Manager versions 5.1,
  6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able
  to use this for an XSS-like attack to an authenticated local user, which might lead
  to execution of arbitrary code.
cwe: CWE-79
cve: CVE-2020-8477
keywords: ''
system: 'ABB System 800xA Information Manager'
vendor: ABB
severity:
  rvss-score: 0
  rvss-vector: ''
  severity-description: 'high'
  cvss-score: 8.8
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
links:
- https://nvd.nist.gov/vuln/detail/CVE-2020-8477
- https://vulners.com/cve/CVE-2020-8477
- https://github.com/aliasrobotics/RVD/issues/3318
flaw:
  phase: unknown
  specificity: N/A
  architectural-location: N/A
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: '2020-04-22'
  detected-by: ''
  detected-by-method: N/A
  date-reported: '2020-07-04'
  reported-by: ''
  reported-by-relationship: N/A
  issue: https://github.com/aliasrobotics/RVD/issues/3318
  reproducibility: ''
  trace: ''
  reproduction: ''
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''