exploitDog

CVE-2020-28849

Опубликовано: 11 авг. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.

Ссылки

https://github.com/ChurchCRM/CRM/issues/5477
Exploit
Issue Tracking
https://github.com/ChurchCRM/CRM/issues/5477
Exploit
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*

Версия до 4.2.1 (включая)

EPSS

Процентиль: 21%

0.00068

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-796x-q48r-j82h

CVSS3: 5.4

github

больше 2 лет назад

Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.

EPSS

Процентиль: 21%

0.00068

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79