CVE-2020-28707

{"id": "CVE-2020-28707", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-01-19T22:15:12.537", "references": [{"url": "http://stockdio.com", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://jondow.eu/cve-2020-28707-xss-in-stockdio-historical-chart-plugin-for-wordpress-before-version-281/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wordpress.org/plugins/stockdio-historical-chart/#developers", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. The stockdio_eventer function listens for any postMessage event. After a message event is sent to the application, this function sets the \"e\" variable as the event and checks that the types of the data and data.method are not undefined (empty) before proceeding to eval the data.method received from the postMessage. However, on a different website. JavaScript code can call window.open for the vulnerable WordPress instance and do a postMessage(msg,'*') for that object."}, {"lang": "es", "value": "El plugin Stockdio Historical Chart versiones anteriores a 2.8.1 para WordPress, est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio del archivo stockdio_chart_historical-wp.js en wp-content/plugins/stockdio-historical-chart/assets/ debido a que el origen de un evento postMessage() no est\u00e1 comprobado. La funci\u00f3n stockdio_eventer escucha cualquier evento postMessage. Despu\u00e9s que un evento de mensaje es enviado a la aplicaci\u00f3n, esta funci\u00f3n establece la variable \"e\" como evento y comprueba que los tipos de datos y el m\u00e9todo de datos no est\u00e9n indefinidos (vac\u00edos) antes de proceder a evaluar el m\u00e9todo de datos recibido del postMessage. Sin embargo, en un sitio web diferente. El c\u00f3digo JavaScript puede llamar a window.open para la instancia vulnerable de WordPress y hacer un postMessage(msg,'*') para ese objeto"}], "lastModified": "2021-01-22T21:42:36.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stockdio:stockdio_historical_chart:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "593F6C25-64BE-4733-A6AB-39B3A8046F75", "versionEndExcluding": "2.8.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}