Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for FNIP-4xSH by P5

    CVE-2020-37148 (GCVE-0-2020-37148)

    Vulnerability from nvd – Published: 2026-02-05 16:14 – Updated: 2026-05-25 23:41
    VLAI
    Title
    P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)
    Summary
    P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
    Assigner
    Impacted products
    Vendor Product Version
    P5 FNIP-8x16A Affected: 1.0.20
    Affected: 1.0.11
    Create a notification for this product.
    P5 FNIP-4xSH Affected: 1.0.20
    Affected: 1.0.11
    Create a notification for this product.
    Date Public
    2020-01-29 00:00
    Credits
    Gjoko 'LiquidWorm' Krstic (@zeroscience)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-37148",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T16:57:44.332371Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-05T16:58:39.098Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FNIP-8x16A",
              "vendor": "P5",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "FNIP-4xSH",
              "vendor": "P5",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gjoko \u0027LiquidWorm\u0027 Krstic (@zeroscience)"
            }
          ],
          "datePublic": "2020-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user\u0027s browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the \u0027lab4\u0027 parameter in config.html."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:41:11.029Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Zero Science Lab Disclosure (ZSL-2020-5564)",
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php"
            },
            {
              "name": "ExploitDB-48362",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/48362"
            },
            {
              "name": "Packet Storm Entry",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/156170/P5-FNIP-8x16A-FNIP-4xSH-1.0.20-CSRF-XSS.html"
            },
            {
              "name": "IBM X-Force Vulnerability Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176993"
            },
            {
              "name": "P5 Vendor Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.p5.hu/"
            },
            {
              "name": "VulnCheck Advisory: P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/p-fnip-xafnip-xsh-stored-cross-site-scripting-xss"
            }
          ],
          "title": "P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2020-37148",
        "datePublished": "2026-02-05T16:14:54.874Z",
        "dateReserved": "2026-02-03T16:27:45.309Z",
        "dateUpdated": "2026-05-25T23:41:11.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-37148 (GCVE-0-2020-37148)

    Vulnerability from cvelistv5 – Published: 2026-02-05 16:14 – Updated: 2026-05-25 23:41
    VLAI
    Title
    P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)
    Summary
    P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
    Assigner
    Impacted products
    Vendor Product Version
    P5 FNIP-8x16A Affected: 1.0.20
    Affected: 1.0.11
    Create a notification for this product.
    P5 FNIP-4xSH Affected: 1.0.20
    Affected: 1.0.11
    Create a notification for this product.
    Date Public
    2020-01-29 00:00
    Credits
    Gjoko 'LiquidWorm' Krstic (@zeroscience)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-37148",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T16:57:44.332371Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-05T16:58:39.098Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FNIP-8x16A",
              "vendor": "P5",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "FNIP-4xSH",
              "vendor": "P5",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.0.11"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gjoko \u0027LiquidWorm\u0027 Krstic (@zeroscience)"
            }
          ],
          "datePublic": "2020-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user\u0027s browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the \u0027lab4\u0027 parameter in config.html."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-25T23:41:11.029Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "Zero Science Lab Disclosure (ZSL-2020-5564)",
              "tags": [
                "technical-description",
                "exploit"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php"
            },
            {
              "name": "ExploitDB-48362",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/48362"
            },
            {
              "name": "Packet Storm Entry",
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/156170/P5-FNIP-8x16A-FNIP-4xSH-1.0.20-CSRF-XSS.html"
            },
            {
              "name": "IBM X-Force Vulnerability Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/176993"
            },
            {
              "name": "P5 Vendor Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.p5.hu/"
            },
            {
              "name": "VulnCheck Advisory: P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/p-fnip-xafnip-xsh-stored-cross-site-scripting-xss"
            }
          ],
          "title": "P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2020-37148",
        "datePublished": "2026-02-05T16:14:54.874Z",
        "dateReserved": "2026-02-03T16:27:45.309Z",
        "dateUpdated": "2026-05-25T23:41:11.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }