Lucene search

MitreCVE-2020-18066

HistoryJun 29, 2021 - 6:15 p.m.

CVE-2020-18066

2021-06-2918:15:08

CWE-79

mitre

web.nvd.nist.gov

cve

2020

18066

cross site scripting

vulnerability

zrlog

post

addcomment

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.2%

JSON

Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.

Affected configurations

Nvd

Node

zrlogzrlogMatch2.1.0

VendorProductVersionCPE
zrlogzrlog2.1.0cpe:2.3:a:zrlog:zrlog:2.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zrlog	zrlog	2.1.0	cpe:2.3:a:zrlog:zrlog:2.1.0:::::::*

References

github.com/94fzb/zrlog/issues/42

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.2%

JSON

Related for CVE-2020-18066