CVE-2020-5729

{"id": "CVE-2020-5729", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-04-17T19:15:14.857", "references": [{"url": "https://www.tenable.com/security/research/tra-2020-18", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2020-18", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue."}, {"lang": "es", "value": "En OpenMRS versiones 2.9 y anteriores, la P\u00e1gina de Error del Framework UI refleja una entrada arbitraria suministrada por el usuario en el navegador, que puede resultar en un ataque de tipo XSS. Cualquier p\u00e1gina que sea capaz de desencadenar un Error del Framework UI es susceptible a este problema."}], "lastModified": "2024-11-21T05:34:29.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openmrs:openmrs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CC281C5-FB85-489C-87BC-CB4294B33AFE", "versionEndIncluding": "2.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}