Vulnerability in Mbconnectline Mbconnect24

CVE-2020-35564

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.

EPSS: 0.009 (55.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2020-35564?
CVE-2020-35564 is a high-severity vulnerability in Mbconnectline Mbconnect24, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 7.5/10. Published 2021-02-16.
How severe is CVE-2020-35564?
High severity. CVSS v3 base score is 7.5 out of 10.