CVE-2020-24604

{"id": "CVE-2020-24604", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-09-02T15:15:10.457", "references": [{"url": "https://cybersecurityworks.com/zerodays/cve-2020-24604-ignite-realtime-openfire.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://issues.igniterealtime.org/browse/OF-1963", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://cybersecurityworks.com/zerodays/cve-2020-24604-ignite-realtime-openfire.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.igniterealtime.org/browse/OF-1963", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request \"searchName\", \"searchValue\", \"searchDescription\", \"searchDefaultValue\",\"searchPlugin\", \"searchDescription\" and \"searchDynamic\" in server-properties.jsp and security-audit-viewer.jsp"}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de tipo XSS Reflejado en Ignite Realtime Openfire versi\u00f3n 4.5.1. La vulnerabilidad de tipo XSS permite a atacantes remotos inyectar script web o HTML arbitrario por medio de la petici\u00f3n GET \"searchName\", \"searchValue\", \"searchDescription\", \"searchDefaultValue\", \"searchPlugin\", \"searchDescription\" y \"searchDynamic\" en los archivos server-properties.jsp y security-audit-viewer.jsp"}], "lastModified": "2024-11-21T05:15:08.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:igniterealtime:openfire:4.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7C7E9D2-88C1-45AE-BD6D-237914798E9C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}