Lucene search

[email protected]CVE-2020-26669

HistoryJun 01, 2021 - 3:15 p.m.

CVE-2020-26669

2021-06-0115:15:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-26669

xss

vulnerability

bigtree cms

security

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

17.4%

JSON

A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.

CPENameOperatorVersion
bigtreecms:bigtree_cmsbigtreecms bigtree cmsle4.4.10

CPE	Name	Operator	Version
bigtreecms:bigtree_cms	bigtreecms bigtree cms	le	4.4.10

References

www.exploit-db.com/exploits/48831

Social References

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

17.4%

JSON

Related for CVE-2020-26669

cvelist1 prion1 osv1 openvas1