CVE-2019-20211

{"id": "CVE-2019-20211", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-01-13T18:15:14.297", "references": [{"url": "https://cxsecurity.com/issue/WLB-2019120110", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cxsecurity.com/issue/WLB-2019120111", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cxsecurity.com/issue/WLB-2019120112", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wpvulndb.com/vulnerabilities/10013", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wpvulndb.com/vulnerabilities/10014", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wpvulndb.com/vulnerabilities/10018", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website."}, {"lang": "es", "value": "Los temas CTHthemes CityBook versiones anteriores a la versi\u00f3n 2.3.4, TownHub versiones anteriores a la versi\u00f3n 1.0.6 y EasyBook versiones anteriores a la versi\u00f3n 1.2.2 para WordPress, permiten un ataque de tipo XSS Persistente por medio de Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, o Website."}], "lastModified": "2020-01-14T15:35:50.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cththemes:citybook:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "12FE0E87-061C-4421-A871-2F3304BB943E", "versionEndExcluding": "2.3.4"}, {"criteria": "cpe:2.3:a:cththemes:easybook:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6E8B911B-A6F5-4B33-B87D-2F6D2016BFFA", "versionEndExcluding": "1.2.2"}, {"criteria": "cpe:2.3:a:cththemes:townhub:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "3B0C9D33-1E63-4728-988F-F293EDC7AAAA", "versionEndExcluding": "1.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}