{"api_version":"1","generated_at":"2026-05-13T04:14:46+00:00","cve":"CVE-2020-9299","urls":{"html":"https://cve.report/CVE-2020-9299","api":"https://cve.report/api/cve/CVE-2020-9299.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-9299","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-9299"},"summary":{"title":"CVE-2020-9299","description":"There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user.","state":"PUBLIC","assigner":"security-report@netflix.com","published_at":"2020-11-09 15:15:00","updated_at":"2020-11-17 20:19:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-004.md","name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-004.md","refsource":"MISC","tags":["Third Party Advisory"],"title":"security-bulletins/nflx-2020-004.md at master · Netflix/security-bulletins · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/Netflix/dispatch/releases/tag/v20201106","name":"https://github.com/Netflix/dispatch/releases/tag/v20201106","refsource":"MISC","tags":["Third Party Advisory"],"title":"Release Release v20201106 · Netflix/dispatch · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-9299","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9299","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"9299","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netflix","cpe5":"dispatch","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9299","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netflix","cpe5":"dispatch","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-9299","ASSIGNER":"security-report@netflix.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Netflix Dispatch","version":{"version_data":[{"version_value":"All versions prior to v20201106"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Multiple Cross-Site Scripting Vulnerabilities"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://github.com/Netflix/dispatch/releases/tag/v20201106","url":"https://github.com/Netflix/dispatch/releases/tag/v20201106"},{"refsource":"MISC","name":"https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-004.md","url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-004.md"}]},"description":{"description_data":[{"lang":"eng","value":"There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user."}]}},"nvd":{"publishedDate":"2020-11-09 15:15:00","lastModifiedDate":"2020-11-17 20:19:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.3,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netflix:dispatch:*:*:*:*:*:*:*:*","versionEndExcluding":"20201106","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"9299","Ordinal":"169681","Title":"CVE-2020-9299","CVE":"CVE-2020-9299","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"9299","Ordinal":"1","NoteData":"There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"9299","Ordinal":"2","NoteData":"2020-11-09","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"9299","Ordinal":"3","NoteData":"2020-11-09","Type":"Other","Title":"Modified"}]}}}