CVE-2020-18468

{"id": "CVE-2020-18468", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-08-26T18:15:07.663", "references": [{"url": "https://github.com/joelister/Persistent-XSS-on-qdPM-9.1/issues/2", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/joelister/Persistent-XSS-on-qdPM-9.1/issues/2", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en qdPM versi\u00f3n 9.1, en el campo Heading que se encuentra en la p\u00e1gina Login Page bajo el men\u00fa General por medio de un nombre de sitio web dise\u00f1ado al hacer una petici\u00f3n HTTP POST autenticada en el archivo /qdPM_9.1/index.php/configuration."}], "lastModified": "2024-11-21T05:08:38.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qdpm:qdpm:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55B48FE9-A849-4504-8089-74DE16F82F3A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}