Lucene search

[email protected]NVD:CVE-2020-19048

HistoryAug 31, 2021 - 2:15 p.m.

CVE-2020-19048

2021-08-3114:15:25

CWE-79

[email protected]

web.nvd.nist.gov

mybb v1.8.20

xss

remote code injection

add new forum" page

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.6%

JSON

Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the “Title” field found in the “Add New Forum” page by doing an authenticated POST HTTP request to ‘/Upload/admin/index.php?module=forum-management&action=add’.

Affected configurations

Nvd

Node

mybbmybbMatch1.8.20

VendorProductVersionCPE
mybbmybb1.8.20cpe:2.3:a:mybb:mybb:1.8.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mybb	mybb	1.8.20	cpe:2.3:a:mybb:mybb:1.8.20:::::::*

References

github.com/joelister/bug/issues/1

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.6%

JSON

Related for NVD:CVE-2020-19048

cve1 prion1 osv1 cvelist1 openvas1