CVE-2020-35677

{"id": "CVE-2020-35677", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2020-12-24T04:15:12.547", "references": [{"url": "https://labs.ingredous.com/2020/07/13/ois-groupedit-xss/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://labs.ingredous.com/2020/07/13/ois-groupedit-xss/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the payload. One might think this completely mitigates the privilege-escalation impact as there is only one high-privileged role. However, it was discovered that the endpoint responsible for creating the group lacks CSRF protection."}, {"lang": "es", "value": "BigProf Online Invoicing System versiones anteriores a 4.0, presenta un fallo al sanear adecuadamente los campos para caracteres HTML cuando un administrador usa un archivo admin/pageEditGroup.php para crear un nuevo grupo, resultando en una vulnerabilidad de tipo XSS almacenado. La advertencia aqu\u00ed es que un atacante podr\u00eda necesitar privilegios administrativos para crear la carga \u00fatil. Se podr\u00eda pensar que esto mitiga por completo el impacto de la escalada de privilegios, ya que solo hay un rol muy privilegiado. Sin embargo, se detect\u00f3 que el endpoint responsable de crear el grupo carece de protecci\u00f3n CSRF"}], "lastModified": "2024-11-21T05:27:49.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bigprof:online_invoicing_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7734A20-D7AA-45D2-B440-D7A10BB698D2", "versionEndExcluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}