CVE-2020-11083

{"id": "CVE-2020-11083", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2020-07-14T21:15:10.607", "references": [{"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security-advisories@github.com"}, {"url": "http://seclists.org/fulldisclosure/2020/Aug/2", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2020/Aug/2", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1."}, {"lang": "es", "value": "En octubre, desde versi\u00f3n 1.0.319 y anterior a versi\u00f3n 1.0.466, un usuario con acceso a un FormWidget de descuento que almacena datos persistentemente podr\u00eda crear un ataque de tipo XSS almacenado contra s\u00ed mismo y cualquier otro usuario con acceso al HTML generado desde el campo. Esto se ha corregido en 1.0.466. Para los usuarios del plugin RainLab.Blog, esto tambi\u00e9n se ha corregido en 1.4.1"}], "lastModified": "2024-11-21T04:56:45.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3FE9FB6-7669-4FDA-8099-2953B2E0B15C", "versionEndExcluding": "1.0.466", "versionStartIncluding": "1.0.319"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}