CVE-2020-29471

{"id": "CVE-2020-29471", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2020-12-29T17:15:12.737", "references": [{"url": "https://www.exploit-db.com/exploits/49098", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/49098", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger."}, {"lang": "es", "value": "OpenCart versi\u00f3n 3.0.3.6, est\u00e1 afectado por una vulnerabilidad de tipo cross-site scripting (XSS) en la Imagen de Perfil. Un administrador puede cargar una imagen de perfil como un c\u00f3digo malicioso usando JavaScript. Siempre que alguien vea la foto de perfil, el c\u00f3digo se ejecutar\u00e1 y desencadenar\u00e1 un XSS"}], "lastModified": "2024-11-21T05:24:03.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opencart:opencart:3.0.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4045D4AD-1145-4CD5-A217-9437DBE2BD1D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}