CVE-2020-27449

{"id": "CVE-2020-27449", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-08-11T14:15:10.840", "references": [{"url": "https://bugbounty.zoho.com/bb/#/bug/101000003619211", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11002", "tags": ["Product", "Release Notes"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en la funci\u00f3n Query Report en Zoho ManageEngine Password Manager Pro versi\u00f3n 11001, permite a atacantes remotos ejecutar c\u00f3digo arbitrario y robar cookies a trav\u00e9s de un payload JavaScript manipulado. "}], "lastModified": "2023-08-16T15:37:52.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11101:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "564A39DB-D202-4223-97E9-E6378CE69013"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}