What is CVE-2020-29071?

CVE-2020-29071 is a critical-severity vulnerability in Liquidfiles, classified under Cross-site Scripting. CVSS score: 9.0/10. Published 2020-11-25.

How severe is CVE-2020-29071?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Is CVE-2020-29071 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Liquidfiles

CVE-2020-29071

An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges f…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.016 (73.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Liquidfiles
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

lean0x2F/lean0x2f.github.io

References

cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (x_refsource_MISC, Release Notes, Vendor Advisory)

Frequently asked questions

What is CVE-2020-29071?: CVE-2020-29071 is a critical-severity vulnerability in Liquidfiles, classified under Cross-site Scripting. CVSS score: 9.0/10. Published 2020-11-25.
How severe is CVE-2020-29071?: Critical severity. CVSS v3 base score is 9.0 out of 10.
Is CVE-2020-29071 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.