CVE-2020-15718

{"id": "CVE-2020-15718", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-07-15T20:15:13.570", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184944", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-15718.md", "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184944", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL."}, {"lang": "es", "value": "RosarioSIS versiones 6.7.2, es vulnerable a un ataque de tipo XSS, causado por una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario mediante el script PrintSchedules.php. Un atacante remoto podr\u00eda explotar esta vulnerabilidad usando el par\u00e1metro include_inactive en una URL dise\u00f1ada"}], "lastModified": "2025-04-16T15:15:45.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rosariosis:rosariosis:6.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A870F8E-3082-421C-A701-75D43DD6276C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}