Lucene search

[email protected]NVD:CVE-2020-21101

HistoryApr 29, 2021 - 5:15 p.m.

CVE-2020-21101

2021-04-2917:15:08

CWE-79

[email protected]

web.nvd.nist.gov

screenly

cross site scriptiong

remote execution

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.7%

JSON

Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the ‘Add Asset’ page via manipulation of a ‘URL’ field, which could let a remote malicious user execute arbitrary code.

Affected configurations

Nvd

Node

screenlyscreenlyMatch0.9ose

screenlyscreenlyMatch0.9.1ose

screenlyscreenlyMatch0.10ose

screenlyscreenlyMatch0.11ose

screenlyscreenlyMatch0.12ose

screenlyscreenlyMatch0.12.1ose

screenlyscreenlyMatch0.13ose

screenlyscreenlyMatch0.14ose

screenlyscreenlyMatch0.15ose

screenlyscreenlyMatch0.15.1ose

screenlyscreenlyMatch0.16ose

screenlyscreenlyMatch0.17ose

screenlyscreenlyMatch0.18ose

screenlyscreenlyMatch0.18.1ose

screenlyscreenlyMatch0.18.2ose

VendorProductVersionCPE
screenlyscreenly0.9cpe:2.3:a:screenly:screenly:0.9:*:*:*:ose:*:*:*
screenlyscreenly0.9.1cpe:2.3:a:screenly:screenly:0.9.1:*:*:*:ose:*:*:*
screenlyscreenly0.10cpe:2.3:a:screenly:screenly:0.10:*:*:*:ose:*:*:*
screenlyscreenly0.11cpe:2.3:a:screenly:screenly:0.11:*:*:*:ose:*:*:*
screenlyscreenly0.12cpe:2.3:a:screenly:screenly:0.12:*:*:*:ose:*:*:*
screenlyscreenly0.12.1cpe:2.3:a:screenly:screenly:0.12.1:*:*:*:ose:*:*:*
screenlyscreenly0.13cpe:2.3:a:screenly:screenly:0.13:*:*:*:ose:*:*:*
screenlyscreenly0.14cpe:2.3:a:screenly:screenly:0.14:*:*:*:ose:*:*:*
screenlyscreenly0.15cpe:2.3:a:screenly:screenly:0.15:*:*:*:ose:*:*:*
screenlyscreenly0.15.1cpe:2.3:a:screenly:screenly:0.15.1:*:*:*:ose:*:*:*

Vendor	Product	Version	CPE
screenly	screenly	0.9	cpe:2.3:a:screenly:screenly:0.9::::ose:::
screenly	screenly	0.9.1	cpe:2.3:a:screenly:screenly:0.9.1::::ose:::
screenly	screenly	0.10	cpe:2.3:a:screenly:screenly:0.10::::ose:::
screenly	screenly	0.11	cpe:2.3:a:screenly:screenly:0.11::::ose:::
screenly	screenly	0.12	cpe:2.3:a:screenly:screenly:0.12::::ose:::
screenly	screenly	0.12.1	cpe:2.3:a:screenly:screenly:0.12.1::::ose:::
screenly	screenly	0.13	cpe:2.3:a:screenly:screenly:0.13::::ose:::
screenly	screenly	0.14	cpe:2.3:a:screenly:screenly:0.14::::ose:::
screenly	screenly	0.15	cpe:2.3:a:screenly:screenly:0.15::::ose:::
screenly	screenly	0.15.1	cpe:2.3:a:screenly:screenly:0.15.1::::ose:::

Rows per page:

1-10 of 151

References

github.com/Screenly/screenly-ose/issues/1254

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.7%

JSON

Related for NVD:CVE-2020-21101

osv1 cvelist1 cve1 prion1