{"id":"CVE-2020-21101","details":"Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code.","modified":"2026-04-10T04:24:42.653594Z","published":"2021-04-29T17:15:08.877Z","references":[{"type":"ADVISORY","url":"https://github.com/Screenly/screenly-ose/issues/1254"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/screenly/screenly-ose","events":[{"introduced":"0"},{"last_affected":"85732dd849d430cd1202f1dbdf75961ff9463f21"},{"introduced":"0"},{"last_affected":"7f3be71ebd00f04d117ce629b2d4af7626cc7564"},{"introduced":"0"},{"last_affected":"02543d21b5ed2f5d7c864b5a264e9e766d6fd7ac"},{"introduced":"0"},{"last_affected":"2b192f32574e1a3fef876ab10b21c9725e205d0b"},{"introduced":"0"},{"last_affected":"71526ead57c486e3e6fb1e57924bf9d1c7ff186e"},{"introduced":"0"},{"last_affected":"8f329b0914d0ae88e6571700b0a1db1dd6cfeb90"},{"introduced":"0"},{"last_affected":"7bef4244e4ffca4a173716266e1837865a40a5dd"},{"introduced":"0"},{"last_affected":"014bc04b11d4bebc8f4fa2430209421070e04f2c"},{"introduced":"0"},{"last_affected":"62bfe2ff477122ee97bf1b1017e94abffad52013"},{"introduced":"0"},{"last_affected":"62bfe2ff477122ee97bf1b1017e94abffad52013"},{"introduced":"0"},{"last_affected":"ed949788244749a3b701113e761dd2ab59ce3466"},{"introduced":"0"},{"last_affected":"618864dbc056790c8f138b0da79a6a3041adbed3"},{"introduced":"0"},{"last_affected":"8a98dc0e55cd7a98e036486dd0b50451fa824103"},{"introduced":"0"},{"last_affected":"8eabdfbaee4e67e537e689714a5b76000ee8f085"},{"introduced":"0"},{"last_affected":"6c2c2fd78099895fc3797024f926af77c16fa38d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9"},{"introduced":"0"},{"last_affected":"0.9.1"},{"introduced":"0"},{"last_affected":"0.10"},{"introduced":"0"},{"last_affected":"0.11"},{"introduced":"0"},{"last_affected":"0.12"},{"introduced":"0"},{"last_affected":"0.12.1"},{"introduced":"0"},{"last_affected":"0.13"},{"introduced":"0"},{"last_affected":"0.14"},{"introduced":"0"},{"last_affected":"0.15"},{"introduced":"0"},{"last_affected":"0.15.1"},{"introduced":"0"},{"last_affected":"0.16"},{"introduced":"0"},{"last_affected":"0.17"},{"introduced":"0"},{"last_affected":"0.18"},{"introduced":"0"},{"last_affected":"0.18.1"},{"introduced":"0"},{"last_affected":"0.18.2"}]}}],"versions":["0.16","0.17","0.18","0.18.1","0.18.2","v0.10","v0.11","v0.12","v0.12.1","v0.13","v0.14","v0.15","v0.15.1","v0.9","v0.9.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-21101.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}