Lucene search

K

[email protected]NVD:CVE-2020-7106

HistoryJan 16, 2020 - 4:15 a.m.

CVE-2020-7106

2020-01-1604:15:11

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).

Affected configurations

NVD

Node

cacticactiRange<1.2.9

Node

debiandebian_linuxMatch8.0

OR

debiandebian_linuxMatch9.0

Node

opensusebackports_sleMatch15.0sp1

OR

opensuseleapMatch15.1

Node

susepackage_hubMatch-

AND

suselinux_enterpriseMatch12.0

Node

fedoraprojectextra_packages_for_enterprise_linuxMatch7.0

OR

fedoraprojectextra_packages_for_enterprise_linuxMatch8.0

OR

fedoraprojectextra_packages_for_enterprise_linuxMatch9.0

OR

fedoraprojectfedoraMatch30

OR

fedoraprojectfedoraMatch31

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

lists.opensuse.org/opensuse-security-announce/2020-05/msg00032.html

github.com/Cacti/cacti/issues/3191

lists.debian.org/debian-lts-announce/2020/01/msg00014.html

lists.debian.org/debian-lts-announce/2022/03/msg00038.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUSOTOIEJKD2IWJHN7TY56TDZJQZJUVJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XLZAMGTW2OSIBLYLXWHQBGWP7M4DTRS7/

security.gentoo.org/glsa/202003-40

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

Related for NVD:CVE-2020-7106

freebsd2 debian2 nessus10 cvelist1 osv3 prion1 alpinelinux1 cve1 openvas14 suse5 ubuntucve1 debiancve1 fedora7 gentoo1