GHSA-3374-7h99-xr85

Опубликовано: 25 окт. 2021

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Cross-site scripting in forkcms

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.

Ссылки

Пакеты

Наименование

forkcms/forkcms

composer

Затронутые версииВерсия исправления

< 5.8.1

5.8.1

EPSS

Процентиль: 51%

0.00281

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2020-23049

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-23049

CVSS3: 5.4

nvd

больше 4 лет назад

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.

EPSS

Процентиль: 51%

0.00281

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2020-23049

Дефекты

CWE-79