Lucene search

[email protected]CVE-2020-24609

HistoryAug 25, 2020 - 3:15 p.m.

CVE-2020-24609

2020-08-2515:15:12

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-24609

techkshetra

info solutions

savsoft quiz

xss

registration

admin panel

cookie stealing

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.4%

JSON

TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload.

Affected configurations

NVD

Node

techkshetrainfosavsoft_quizRange≤5.5

CPENameOperatorVersion
techkshetrainfo:savsoft_quiztechkshetrainfo savsoft quizle5.5

CPE	Name	Operator	Version
techkshetrainfo:savsoft_quiz	techkshetrainfo savsoft quiz	le	5.5

References

www.exploit-db.com/exploits/48753

www.exploit-db.com/exploits/48785

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

54.4%

JSON

Related for CVE-2020-24609

prion1 cvelist1 exploitdb1 nvd1