Lucene search

MitreCVE-2020-23049

HistoryOct 22, 2021 - 8:15 p.m.

CVE-2020-23049

2021-10-2220:15:10

CWE-79

mitre

web.nvd.nist.gov

cve-2020-23049

fork cms

content management system

xss

displayname

add

edit

web security

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or `Register’ functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.

Affected configurations

Nvd

Node

fork-cmsfork_cmsMatch5.8.0

VendorProductVersionCPE
fork-cmsfork_cms5.8.0cpe:2.3:a:fork-cms:fork_cms:5.8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fork-cms	fork_cms	5.8.0	cpe:2.3:a:fork-cms:fork_cms:5.8.0:::::::*

References

www.vulnerability-lab.com/get_content.php?id=2208

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Related for CVE-2020-23049