A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.
References
Link | Resource |
---|---|
http://baigosso.com | Broken Link URL Repurposed |
https://github.com/baigoStudio/baigoSSO | Third Party Advisory |
https://github.com/baigoStudio/baigoSSO/ | Third Party Advisory |
https://github.com/baigoStudio/baigoSSO/issues/13 | Exploit Third Party Advisory |
http://baigosso.com | Broken Link URL Repurposed |
https://github.com/baigoStudio/baigoSSO | Third Party Advisory |
https://github.com/baigoStudio/baigoSSO/ | Third Party Advisory |
https://github.com/baigoStudio/baigoSSO/issues/13 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:12
Type | Values Removed | Values Added |
---|---|---|
References | () http://baigosso.com - Broken Link, URL Repurposed | |
References | () https://github.com/baigoStudio/baigoSSO - Third Party Advisory | |
References | () https://github.com/baigoStudio/baigoSSO/ - Third Party Advisory | |
References | () https://github.com/baigoStudio/baigoSSO/issues/13 - Exploit, Third Party Advisory |
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://baigosso.com - Broken Link, URL Repurposed |
12 Jul 2021, 12:59
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/baigoStudio/baigoSSO/issues/13 - Exploit, Third Party Advisory | |
References | (MISC) http://baigosso.com - Broken Link | |
References | (MISC) https://github.com/baigoStudio/baigoSSO/ - Third Party Advisory | |
References | (MISC) https://github.com/baigoStudio/baigoSSO - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CWE | CWE-79 | |
CPE | cpe:2.3:a:baigo:baigo_cms:4.0:beta1:*:*:*:*:*:* |
08 Jul 2021, 16:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-08 16:15
Updated : 2024-11-21 05:12
NVD link : CVE-2020-20584
Mitre link : CVE-2020-20584
CVE.ORG link : CVE-2020-20584
JSON object : View
Products Affected
baigo
- baigo_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')