Lucene search

[email protected]NVD:CVE-2020-19825

HistoryFeb 15, 2023 - 10:15 p.m.

CVE-2020-19825

2023-02-1522:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cross site scripting

kimai2

1.30.0

markdownextension

escalated privileges

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

60.8%

JSON

Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attackers to gain escalated privileges.

Affected configurations

Nvd

Node

kimaikimaiMatch1.30.0

VendorProductVersionCPE
kimaikimai1.30.0cpe:2.3:a:kimai:kimai:1.30.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kimai	kimai	1.30.0	cpe:2.3:a:kimai:kimai:1.30.0:::::::*

References

github.com/kevinpapst/kimai2

github.com/kevinpapst/kimai2/pull/962/files

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

60.8%

JSON

Related for NVD:CVE-2020-19825

osv2 cve1 github1 veracode1 prion1 cvelist1