CVE-2020-13865

{"id": "CVE-2020-13865", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-06-05T22:15:12.150", "references": [{"url": "https://www.softwaresecured.com/elementor-page-builder-stored-xss/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes."}, {"lang": "es", "value": "El plugin Elementor Page Builder versiones anteriores a 2.9.9 para WordPress, sufre de m\u00faltiples vulnerabilidades de tipo XSS almacenado. Un usuario autor puede crear publicaciones que resulten en vulnerabilidades de tipo XSS almacenado, mediante el uso de un enlace dise\u00f1ado en la URL personalizada o mediante la aplicaci\u00f3n de atributos personalizados"}], "lastModified": "2020-06-09T18:10:15.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elementor:elementor_page_builder:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9F510872-5BE1-440A-8054-24DFF9653B39", "versionEndExcluding": "2.9.9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}