CVE-2020-29230

{"id": "CVE-2020-29230", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-12-30T19:15:13.640", "references": [{"url": "http://egavilanmedia.com", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/hemantsolo/CVE-Reference/blob/main/CVE-2020-29230.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://egavilanmedia.com", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/hemantsolo/CVE-Reference/blob/main/CVE-2020-29230.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel - Manage User tab using the Full Name of the user. This vulnerability can result in the attacker injecting the XSS payload in the User Registration section and each time admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie according to the crafted payload."}, {"lang": "es", "value": "EGavilanMedia User Registration and Login System With Admin Panel versi\u00f3n 1.0, est\u00e1 afectado por un vulnerabilidad de tipo cross-site scripting (XSS) en la pesta\u00f1a Manage User de Admin Panel usando el Full Name del usuario. Esta vulnerabilidad puede resultar en que el atacante inyecte una carga \u00fatil de tipo XSS en la secci\u00f3n User Registration y cada vez que el administrador visite la secci\u00f3n de administraci\u00f3n de usuarios desde el panel de administraci\u00f3n, el XSS se desencadena y el atacante puede ser capaz de robar la cookie de acuerdo con la carga \u00fatil dise\u00f1ada."}], "lastModified": "2024-11-21T05:23:48.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:egavilanmedia:user_registration_and_login_system_with_admin_panel:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E4236EE-3F31-4395-9CD5-D00F52F6B3C2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}