Lucene search

[email protected]CVE-2020-27850

HistoryJan 20, 2021 - 4:15 a.m.

CVE-2020-27850

2021-01-2004:15:12

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-27850

cross-site scripting

xss

rocketgenius gravity forms

security vulnerability

web security

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.4%

JSON

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).

Affected configurations

NVD

Node

rocketgeniusgravityformsRange<2.4.21wordpress

CPENameOperatorVersion
rocketgenius:gravityformsrocketgenius gravityformslt2.4.21

CPE	Name	Operator	Version
rocketgenius:gravityforms	rocketgenius gravityforms	lt	2.4.21

References

www.digital.security/advisories/cert-ds_advisory_cve-2020-27850.txt

Social References

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.4%

JSON

Related for CVE-2020-27850

cvelist1 nvd1 github1 prion1 osv1