CVE-2020-19156

Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.
References
Link Resource
https://www.seebug.org/vuldb/ssvid-97852 Exploit Third Party Advisory
https://www.seebug.org/vuldb/ssvid-97852 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ari-soft:ari_adminer:1.0:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:08

Type Values Removed Values Added
References () https://www.seebug.org/vuldb/ssvid-97852 - Exploit, Third Party Advisory () https://www.seebug.org/vuldb/ssvid-97852 - Exploit, Third Party Advisory

22 Sep 2021, 20:58

Type Values Removed Values Added
CPE cpe:2.3:a:ari-soft:ari_adminer:1.0:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 5.4
CWE CWE-79
References (MISC) https://www.seebug.org/vuldb/ssvid-97852 - (MISC) https://www.seebug.org/vuldb/ssvid-97852 - Exploit, Third Party Advisory

15 Sep 2021, 15:35

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-15 14:15

Updated : 2024-11-21 05:08


NVD link : CVE-2020-19156

Mitre link : CVE-2020-19156

CVE.ORG link : CVE-2020-19156


JSON object : View

Products Affected

ari-soft

  • ari_adminer
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')