CVE-2020-10196

{"id": "CVE-2020-10196", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-03-13T16:15:12.267", "references": [{"url": "https://wpvulndb.com/vulnerabilities/10127", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wpvulndb.com/vulnerabilities/10127", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-popup-builder-plugin-affecting-over-100000-sites/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup's fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup's ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications."}, {"lang": "es", "value": "Una vulnerabilidad de tipo XSS en el plugin popup-builder versiones anteriores a 3.64.1 para WordPress, permite a atacantes remotos inyectar JavaScript arbitrario en los ventanas emergentes existentes por medio de una acci\u00f3n ajax no segura en el archivo com/classes/Ajax.php. Es posible que un atacante no autenticado inserte JavaScript malicioso en varios de los campos de la ventana emergente mediante el env\u00edo de una petici\u00f3n al archivo wp-admin/admin-ajax.php con el par\u00e1metro POST action de sgpb_autosave e incluyendo datos adicionales en un par\u00e1metro allPopupData, incluyendo el ID de la ventana emergente (que es visible en la fuente de la p\u00e1gina en la que se inserta la ventana emergente) y JavaScript arbitrario que luego ser\u00e1 ejecutado en los navegadores de los visitantes a esa p\u00e1gina. Debido a que la funcionalidad del plugin incorpora autom\u00e1ticamente etiquetas de script en los datos introducidos en estos campos, esta inyecci\u00f3n t\u00edpicamente omitir\u00e1 la mayor\u00eda de las aplicaciones WAF."}], "lastModified": "2024-11-21T04:54:57.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sygnoos:popup-builder:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B8D3F7DC-D503-4716-974F-01B47E70E3F7", "versionEndExcluding": "3.64.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}