CVE-2020-19626

Опубликовано: 26 мар. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

Ссылки

http://mayoterry.com/file/cve/XSS_vuluerability_in_Craftcms_3.1.31.pdf
Exploit
Third Party Advisory
https://github.com/craftcms/cms/commit/76a2168b6a5e30144f5c06da4ff264f4eca577ff
Patch
Third Party Advisory
http://mayoterry.com/file/cve/XSS_vuluerability_in_Craftcms_3.1.31.pdf
Exploit
Third Party Advisory
https://github.com/craftcms/cms/commit/76a2168b6a5e30144f5c06da4ff264f4eca577ff
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craftcms:craft_cms:3.1.31:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00232

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-33jj-92px-m4g7