CVE-2020-23447

{"id": "CVE-2020-23447", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-01-26T18:15:42.660", "references": [{"url": "https://github.com/newbee-ltd/newbee-mall/issues/33", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/newbee-ltd/newbee-mall/issues/33", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the \"View Recipient Information\" of this order in \"Order Management Office\"."}, {"lang": "es", "value": "newbee-mall versi\u00f3n 1.0 est\u00e1 afectado por una vulnerabilidad de tipo cross-site scripting en shop-cart/settle. Los usuarios solo necesitan escribir una carga \u00fatil xss en la informaci\u00f3n de su direcci\u00f3n cuando compran productos, lo que se desencadena cuando visualizan la \"View Recipient Information\" de este pedido en la \"Order Management Office\""}], "lastModified": "2024-11-21T05:13:48.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:newbee-mall_project:newbee-mall:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D0A6046-1A4C-488F-B8BF-6E0A3A50E5DC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}