CVE-2020-25875

{"id": "CVE-2020-25875", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-07-09T22:15:08.003", "references": [{"url": "https://codoforum.com/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/r0ck3t1973/xss_payload/issues/4", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://codoforum.com/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/r0ck3t1973/xss_payload/issues/4", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross site scripting (XSS) almacenado en la funcionalidad \"Smileys\" de Codoforum versi\u00f3n v5.0.2, permite a atacantes autenticados ejecutar scripts web o HTML arbitrarios por medio de una carga \u00fatil dise\u00f1ada introducida en el par\u00e1metro \"Smiley Code\""}], "lastModified": "2024-11-21T05:18:57.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codologic:codoforum:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BCBD3E3-DEEA-488B-8246-F77BE6CB778D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}