CVE-2020-28149

9.6 CRITICAL

📋 TL;DR

CVE-2020-28149 is a cross-site scripting (XSS) vulnerability in the myDBR reporting software: the value supplied as the CSRF token is reflected into a page without adequate output encoding, so an attacker can inject script through it. The injected JavaScript runs in the victim's browser with the victim's myDBR session (client-side script execution, not remote code execution on the server). Organizations running myDBR 5.8.3/4262 are affected.

💻 Affected Systems

Products:
  • myDBR
Versions: 5.8.3/4262
Operating Systems: All platforms running myDBR
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of the affected version are vulnerable regardless of configuration.

📦 What is this software?

myDBR is a PHP-based, web-delivered reporting tool that generates reports from database stored procedures (MySQL/MariaDB and other supported databases).

⚠️ Risk & Real-World Impact

🔴

Worst Case

Script running in an administrator's session can do anything that administrator can do in myDBR (run, modify or create reports, change settings), exfiltrate report data, and use the victim's browser as a foothold for attacks on other internal web applications reachable from it.

🟠

Likely Case

Session hijacking, credential theft, and unauthorized access to sensitive reporting data within myDBR.

🟢

If Mitigated

Limited impact with proper input validation and output encoding, though some data exposure may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (clicking a malicious link) but the XSS payload execution is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.8.4 or later

Advisory (researcher write-up): https://c41nc.co.uk/cve-2020-28149/

Restart Required: Yes

Instructions:

1. Back up the current installation (application files and database) before changing anything.
2. Download the latest myDBR release from the official source.
3. Apply the update following the vendor's upgrade instructions.
4. Restart the myDBR services.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Reject CSRF token values that contain characters a genuine token cannot contain, before the value reaches any page. This is a stop-gap: the root cause is that the token is reflected without output encoding, so wherever the token is written into HTML it must also be escaped for that context.

Server-side check (illustrative, not myDBR's own code; adjust the character class to the token format your installation actually issues, or legitimate requests will be rejected):

if (!preg_match('/^[A-Za-z0-9]+$/', $csrf_token)) { http_response_code(400); exit; }   // reject before the value reaches any page
echo htmlspecialchars($csrf_token, ENT_QUOTES, 'UTF-8');   // and encode wherever the token is written into HTML
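As an added illustration (written in Python rather than myDBR's PHP, and not code from myDBR or from the advisory), the two layers side by side: an allow-list check on the token value, and context-aware encoding where the token is written back into the page, with the vulnerable verbatim-reflection pattern for comparison. The parameter name csrf_token, the 16-128 character alphanumeric token format and the sample payload are assumptions, not details taken from myDBR.

```python
import html
import re

# Allow-list for a well-formed token. Assumption (not taken from myDBR): the
# application issues alphanumeric tokens of 16-128 characters. Widen the class
# if real tokens use other characters, or legitimate requests will be rejected.
TOKEN_RE = re.compile(r"^[A-Za-z0-9]{16,128}$")


def validate_token(raw: str):
    """Return the token if it is well formed, else None."""
    return raw if TOKEN_RE.fullmatch(raw) else None


def render_token_field_unsafe(token: str) -> str:
    """The vulnerable pattern: the token is written into markup verbatim,
    so a value like '"><script>...' closes the attribute and injects script."""
    return f'<input type="hidden" name="csrf_token" value="{token}">'


def render_token_field(token: str) -> str:
    """Hardened: encode for the HTML attribute context, quotes included."""
    return f'<input type="hidden" name="csrf_token" value="{html.escape(token, quote=True)}">'


def handle_request(params: dict) -> tuple:
    """Simulated request handler returning (status, body). The parameter
    name 'csrf_token' is a placeholder, not myDBR's real one."""
    raw = params.get("csrf_token", "")
    token = validate_token(raw)
    if token is None:
        # Stop-gap filter: reject before the value reaches any template.
        return 400, "invalid CSRF token"
    # Even a validated token goes through the encoder: defence in depth.
    return 200, f"<form>{render_token_field(token)}</form>"


if __name__ == "__main__":
    good = "a3f9c2e1b7d40f6e8c91a5b2d3e4f607"          # constructed sample token
    payload = '"><script>alert(document.cookie)</script>'  # constructed sample payload
    print(handle_request({"csrf_token": good}))
    print(handle_request({"csrf_token": payload}))
    # With no validation in front, only encoding stands between payload and DOM:
    print(render_token_field_unsafe(payload))   # script tag lands in the page
    print(render_token_field(payload))          # &quot;&gt;&lt;script&gt;... is inert text
```

The validation layer is what the workaround above buys you; the encoding layer is what the vendor fix has to provide, because any other place the token is echoed (error messages, JSON embedded in a page) is a fresh sink unless it is encoded for its own context.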

Content Security Policy

Platform: all

Add CSP headers that restrict where scripts may load from. A policy of script-src 'self' blocks the inline script a reflected XSS typically injects, but it also blocks any inline scripts or event handlers the application itself relies on, so roll it out with Content-Security-Policy-Report-Only first and review the violation reports before enforcing. CSP reduces exploitability; it does not remove the flaw.

Header set Content-Security-Policy "script-src 'self'"
Header set X-Content-Type-Options "nosniff"

🧯 If You Can't Patch

  • Implement WAF rules to block XSS payloads in CSRF token parameters (match on the URL-decoded value so percent-encoded payloads are caught too)
  • Restrict network access to myDBR instances to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check myDBR version in admin interface or configuration files. If version is 5.8.3/4262, system is vulnerable.

Check Version:

Check myDBR web interface admin panel or examine version.txt in installation directory

Verify Fix Applied:

Verify version is 5.8.4 or later and test CSRF token handling with XSS payloads.

📡 Detection & Monitoring

Log Indicators:

  • CSRF token values that are unusually long or contain characters outside the token's normal character set
  • CSRF token values containing script tags, event-handler attributes or javascript: URLs, including percent-encoded forms such as %3Cscript
  • Multiple failed CSRF validation attempts from the same client

Network Indicators:

  • HTTP requests with suspicious values in CSRF token parameters
  • Pages in the myDBR context loading scripts from, or sending data to, external domains

SIEM Query:

Splunk SPL example; csrftoken is a placeholder for the field your log source extracts the parameter into. Run the match against the decoded value where possible, otherwise include the encoded variants as shown.

source="myDBR" | where match(csrftoken, "(?i)<script|javascript:|on[a-z]+\s*=|%3Cscript") OR len(csrftoken) > 100
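An added example (not from the page's source or from myDBR) of the log indicators above applied to a few constructed Apache access log lines: it extracts every query parameter whose name looks like a token, undoes repeated percent-encoding so double-encoded payloads are seen for what they are, and flags values that match script patterns, exceed the expected length or fall outside the token character set. The parameter name csrf_token, the path /mydbr/report.php, the client addresses and the log lines themselves are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed Apache combined-format access log lines (not real myDBR logs).
# The parameter name "csrf_token" is a placeholder for whatever carries the
# token in a real deployment. Line 2 is a single-encoded payload, line 3 is
# double-encoded (%25 -> %), line 4 has no query string at all.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Nov/2020:10:01:02 +0000] "GET /mydbr/report.php?r=42&csrf_token=a3f9c2e1b7d40f6e8c91a5b2d3e4f607 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Nov/2020:10:03:44 +0000] "GET /mydbr/report.php?r=42&csrf_token=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5331 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Nov/2020:10:03:59 +0000] "GET /mydbr/report.php?r=42&csrf_token=%2522%253E%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5331 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Nov/2020:10:05:10 +0000] "POST /mydbr/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TOKEN_PARAM_RE = re.compile(r"csrf|token", re.I)      # which parameters to inspect
TOKEN_OK_RE = re.compile(r"^[A-Za-z0-9]+$")           # assumed token character set
XSS_RE = re.compile(r"<script|javascript:|on[a-z]+\s*=|<img|<svg|<iframe", re.I)
MAX_TOKEN_LEN = 100                                   # same threshold as the SIEM query


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding so %253C is eventually seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_token(value: str) -> list:
    """Return the reasons a token value looks hostile (empty list if clean)."""
    decoded = fully_decode(value)
    reasons = []
    if XSS_RE.search(decoded):
        reasons.append("script-pattern")
    if len(value) > MAX_TOKEN_LEN:
        reasons.append("overlong")
    if not TOKEN_OK_RE.fullmatch(decoded):
        reasons.append("bad-charset")
    return reasons


def scan_log(text: str) -> list:
    """One finding per suspicious token parameter: (client ip, param name, reasons)."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qsl removes one layer of percent-encoding; keep_blank_values so
        # an empty token is still examined rather than silently skipped.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if not TOKEN_PARAM_RE.search(name):
                continue
            reasons = inspect_token(value)
            if reasons:
                findings.append((m.group("ip"), name, reasons))
    return findings


if __name__ == "__main__":
    for ip, name, reasons in scan_log(SAMPLE_LOG):
        print(f"{ip} param={name} {','.join(reasons)}")
```

Three checks are deliberately kept separate: the script-pattern match is the high-confidence signal, the length check catches padded or obfuscated payloads the pattern list misses, and the character-set check flags anything that is not a token at all, which is also where a legitimately different token format (hex with dashes, base64) will surface as false positives until the regex is adjusted.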
