CVE-2020-15717

{"id": "CVE-2020-15717", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-07-15T19:15:12.243", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184943", "tags": ["VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184943", "tags": ["VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL."}, {"lang": "es", "value": "RosarioSIS versi\u00f3n 6.7.2, es vulnerable a un ataque de tipo XSS, causado por una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario mediante el script Search.inc.php. Un atacante remoto podr\u00eda explotar esta vulnerabilidad usando el par\u00e1metro advanced en una URL dise\u00f1ada"}], "lastModified": "2024-11-21T05:06:05.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rosariosis:rosariosis:6.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A870F8E-3082-421C-A701-75D43DD6276C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}