CVE-2020-21316

{"id": "CVE-2020-21316", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-06-15T20:15:11.300", "references": [{"url": "https://gist.github.com/T-pod/d9405dbd61243990d65d55c5df0fcbe6", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/94fzb/zrlog/issues/56", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-site scripting (XSS) en la secci\u00f3n de comentarios en ZrLog versi\u00f3n 2.1.3, que permite a atacantes remotos inyectar un script web arbitrario y robar las cookies del administrador por medio del par\u00e1metro nickname y conseguir acceso al panel de administraci\u00f3n"}], "lastModified": "2021-06-22T01:05:11.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zrlog:zrlog:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E79549A-322A-43AB-956A-653C832A9F1A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}