CVE-2020-21266

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-21266

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-21266.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-21266

Published

2020-10-29T14:15:12.570Z

Modified

2025-11-14T10:55:52.344446Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability.

References

https://www.broadleafcommerce.com/docs/core/5.1/release-notes/5.1.15-ga

Affected packages

Git / github.com/broadleafcommerce/broadleafcommerce

Affected ranges

Type: GIT
Repo: https://github.com/broadleafcommerce/broadleafcommerce
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

876193031be426e848a8faf19cf164a649428801

Affected versions

broadleaf-1.*

broadleaf-1.5.0-GA

broadleaf-1.6.0-GA

broadleaf-1.6.0-M1

broadleaf-1.6.0-M2

broadleaf-2.*

broadleaf-2.0.0-GA

broadleaf-2.0.1-GA

broadleaf-2.0.2-GA

broadleaf-2.0.3-GA

broadleaf-2.0.4-GA

broadleaf-2.0.5-GA

broadleaf-2.0.6-GA

broadleaf-2.0.7-GA

broadleaf-2.1.0-GA

broadleaf-2.1.0-RC1

broadleaf-2.1.0-RC2

broadleaf-2.1.1-GA

broadleaf-2.1.2-GA

broadleaf-2.2.0-GA

broadleaf-2.2.0-RC1

broadleaf-2.2.0-RC2

broadleaf-2.2.1-RC1

broadleaf-2.3.0-M1

broadleaf-2.3.0-M2

broadleaf-2.3.0-M2-1

broadleaf-2.3.0-M2-2

broadleaf-2.3.0-M2-3

broadleaf-2.3.0-M2-4

broadleaf-2.3.0-M2-5

broadleaf-3.*

broadleaf-3.0.0-ALPHA1

broadleaf-3.0.0-ALPHA2

broadleaf-3.0.0-ALPHA3

broadleaf-3.0.0-BETA1

broadleaf-3.0.0-BETA2

broadleaf-3.0.0-BETA3

broadleaf-3.0.0-GA

broadleaf-3.0.1-GA

broadleaf-3.0.10-GA

broadleaf-3.0.11-GA

broadleaf-3.0.12-GA

broadleaf-3.0.13-GA

broadleaf-3.0.14-GA

broadleaf-3.0.15-GA

broadleaf-3.0.16-GA

broadleaf-3.0.2-GA

broadleaf-3.0.3-GA

broadleaf-3.0.4-GA

broadleaf-3.0.5-GA

broadleaf-3.0.6-GA

broadleaf-3.0.7-GA

broadleaf-3.0.8-GA

broadleaf-3.0.9-GA

broadleaf-3.1.0-ALPHA1

broadleaf-3.1.0-ALPHA2

broadleaf-3.1.0-GA

broadleaf-3.1.0-M1

broadleaf-3.1.0-M2

broadleaf-3.1.0-M2-1

broadleaf-3.1.0-M2-2

broadleaf-3.1.0-M2-3

broadleaf-3.1.0-M2-4

broadleaf-3.1.0-M2-5

broadleaf-3.1.0-M2-6

broadleaf-3.1.1-GA

broadleaf-3.1.10-GA

broadleaf-3.1.11-GA

broadleaf-3.1.12-GA

broadleaf-3.1.13-GA

broadleaf-3.1.14-GA

broadleaf-3.1.15-GA

broadleaf-3.1.2-GA

broadleaf-3.1.3-GA

broadleaf-3.1.4-GA

broadleaf-3.1.5-GA

broadleaf-3.1.6-GA

broadleaf-3.1.7-GA

broadleaf-3.1.8-GA

broadleaf-3.1.9-GA

broadleaf-4.*

broadleaf-4.0.0-BETA10

broadleaf-4.0.0-BETA11

broadleaf-4.0.0-BETA12

broadleaf-4.0.0-BETA13

broadleaf-4.0.0-BETA14

broadleaf-4.0.0-BETA15

broadleaf-4.0.0-BETA3

broadleaf-4.0.0-BETA4

broadleaf-4.0.0-BETA5

broadleaf-4.0.0-BETA6

broadleaf-4.0.0-BETA7

broadleaf-4.0.0-BETA8

broadleaf-4.0.0-BETA9

broadleaf-4.0.0-GA

broadleaf-4.0.0-PATCH1

broadleaf-4.0.0-PATCHSOLR1

broadleaf-4.0.0-RC1

broadleaf-4.0.0-RC2

broadleaf-4.0.0-RC3

broadleaf-4.0.0-RC4

broadleaf-4.0.0-RC5

broadleaf-4.0.0-RC6

broadleaf-4.0.0-RC7

broadleaf-4.0.0-RC8

broadleaf-4.0.1-GA

broadleaf-4.0.1-PATCH1

broadleaf-4.0.1-PATCH2

broadleaf-4.0.10-GA

broadleaf-4.0.11-GA

broadleaf-4.0.12-GA

broadleaf-4.0.13-GA

broadleaf-4.0.14-GA

broadleaf-4.0.15-GA

broadleaf-4.0.16-GA

broadleaf-4.0.17-GA

broadleaf-4.0.18-GA

broadleaf-4.0.19-GA

broadleaf-4.0.2-GA

broadleaf-4.0.20-GA

broadleaf-4.0.21-GA

broadleaf-4.0.21-PERF1

broadleaf-4.0.21-PERF2

broadleaf-4.0.21-PERF3

broadleaf-4.0.21-PERF4

broadleaf-4.0.21-PERF5

broadleaf-4.0.21-PERF6

broadleaf-4.0.21-PERF7

broadleaf-4.0.22-GA

broadleaf-4.0.23-GA

broadleaf-4.0.24-GA

broadleaf-4.0.25-GA

broadleaf-4.0.26-GA

broadleaf-4.0.3-GA

broadleaf-4.0.4-GA

broadleaf-4.0.5-BETA1

broadleaf-4.0.5-GA

broadleaf-4.0.6-GA

broadleaf-4.0.7-GA

broadleaf-4.0.8-GA

broadleaf-4.0.9-GA

broadleaf-4.1.0-GA

broadleaf-4.1.1-GA

broadleaf-4.1.2-GA

broadleaf-4.1.3-GA

broadleaf-4.1.4-GA

broadleaf-4.1.5-GA

broadleaf-5.*

broadleaf-5.0.0-GA

broadleaf-5.0.0-M1

broadleaf-5.0.0-M3

broadleaf-5.0.0-M4

broadleaf-5.0.0-RC1

broadleaf-5.0.0-RC2

broadleaf-5.0.1-GA

broadleaf-5.0.10-GA

broadleaf-5.0.10.1-GA

broadleaf-5.0.10.2-GA

broadleaf-5.0.10.3-GA

broadleaf-5.0.11-GA

broadleaf-5.0.12-GA

broadleaf-5.0.13-GA

broadleaf-5.0.14-GA

broadleaf-5.0.15-GA

broadleaf-5.0.16-GA

broadleaf-5.0.17-GA

broadleaf-5.0.2-GA

broadleaf-5.0.3-GA

broadleaf-5.0.4-GA

broadleaf-5.0.5-GA

broadleaf-5.0.6-GA

broadleaf-5.0.7-GA

broadleaf-5.0.8-GA

broadleaf-5.0.9-GA

broadleaf-5.1.0-GA

broadleaf-5.1.1-GA

broadleaf-5.1.10-GA

broadleaf-5.1.10-M1

broadleaf-5.1.11-GA

broadleaf-5.1.12-GA

broadleaf-5.1.13-GA

broadleaf-5.1.14-GA

broadleaf-5.1.3-GA

broadleaf-5.1.4-GA

broadleaf-5.1.4-PERF1

broadleaf-5.1.4-PERF2

broadleaf-5.1.5-GA

broadleaf-5.1.6-GA

broadleaf-5.1.7-GA

broadleaf-5.1.8-GA

broadleaf-5.1.9-GA

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-21266.json"