Lucene search

[email protected]NVD:CVE-2020-35396

HistoryDec 15, 2020 - 4:15 p.m.

CVE-2020-35396

2020-12-1516:15:16

CWE-79

[email protected]

web.nvd.nist.gov

egavilan barcodes generator

cross site scripting

xss

index.php

web application

attacker

payload

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.009

Percentile

83.3%

JSON

EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website.

Affected configurations

Nvd

Node

egavilanmediabarcodes_generatorMatch1.0

VendorProductVersionCPE
egavilanmediabarcodes_generator1.0cpe:2.3:a:egavilanmedia:barcodes_generator:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
egavilanmedia	barcodes_generator	1.0	cpe:2.3:a:egavilanmedia:barcodes_generator:1.0:::::::*

References

egavilanmedia.com/

nikhilkumar01.medium.com/cve-2020-35396-f4b5675fb168

www.exploit-db.com/exploits/49227

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.009

Percentile

83.3%

JSON

Related for NVD:CVE-2020-35396

cvelist1 prion1 cve1