CVE-2020-5305

{"id": "CVE-2020-5305", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2020-01-05T23:15:11.467", "references": [{"url": "http://codologic.com/forum/index.php?u=/category/news-and-announcements", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://vyshnavvizz.blogspot.com/2020/01/stored-cross-site-scripting-in_2.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://codologic.com/forum/index.php?u=/category/news-and-announcements", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vyshnavvizz.blogspot.com/2020/01/stored-cross-site-scripting-in_2.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen."}, {"lang": "es", "value": "Codoforum versi\u00f3n 4.8.3, permite un ataque de tipo XSS en el panel de administraci\u00f3n por medio de un campo de nombre de un nuevo usuario, es decir, en la pantalla Manage Users."}], "lastModified": "2024-11-21T05:33:52.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codologic:codoforum:4.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E13F8277-5453-4751-BAD7-8AC2397AB662"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}