Lucene search

[email protected]CVE-2020-21643

HistoryApr 28, 2023 - 8:15 p.m.

CVE-2020-21643

2023-04-2820:15:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-21643

cross site scripting

xss

hongcms 3.0

security vulnerability

arbitrary code

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.4%

JSON

Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop.

Affected configurations

NVD

Node

hongcms_projecthongcmsMatch3.0.0

CPENameOperatorVersion
hongcms_project:hongcmshongcms project hongcmseq3.0.0

CPE	Name	Operator	Version
hongcms_project:hongcms	hongcms project hongcms	eq	3.0.0

References

github.com/Neeke/HongCMS/issues/15

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.4%

JSON

Related for CVE-2020-21643

cvelist1 nvd1 prion1