Lucene search

[email protected]CVE-2020-35274

HistoryDec 21, 2020 - 3:15 p.m.

CVE-2020-35274

2020-12-2115:15:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2020-35274

dotcms

add template

admin panel

xss

remote privileges

security compromise

stored xss attack

cookie stealing

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

39.0%

JSON

DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.

Affected configurations

NVD

Node

dotcmsdotcmsMatch20.11

CPENameOperatorVersion
dotcms:dotcmsdotcmseq20.11

CPE	Name	Operator	Version
dotcms:dotcms	dotcms	eq	20.11

References

dotcms.com

www.exploit-db.com/exploits/49168

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

39.0%

JSON

Related for CVE-2020-35274

cvelist1 osv1 prion1 nvd1