CVE-2020-35241

Опубликовано: 30 дек. 2020

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.

Ссылки

https://github.com/alpernae/vulnerability-research/tree/main/CVE-2020-35241
https://github.com/hemantsolo/CVE-Reference/blob/main/CVE-2020-35241.md
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/48826
https://www.flatpress.org/download
Product
Vendor Advisory
https://github.com/hemantsolo/CVE-Reference/blob/main/CVE-2020-35241.md
Exploit
Third Party Advisory
https://www.flatpress.org/download
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flatpress:flatpress:1.0.3:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00154

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-35241

CVSS3: 4.8

debian

около 5 лет назад

FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog ...

GHSA-9gh4-cwcx-xqjg

CVSS3: 4.8

github

больше 3 лет назад

EPSS

Процентиль: 36%

0.00154

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79