exploitDog

CVE-2020-18084

Опубликовано: 30 апр. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.

Ссылки

https://github.com/yzmcms/yzmcms/issues/9
Exploit
Issue Tracking
Third Party Advisory
https://github.com/yzmcms/yzmcms/issues/9
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yzmcms:yzmcms:5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00638

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8jm8-5rhf-cx7x

github

больше 3 лет назад

Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.

EPSS

Процентиль: 70%

0.00638

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79