CVE-2020-11813

{"id": "CVE-2020-11813", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-04-16T19:15:27.180", "references": [{"url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-stored-xss.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://fatihhcelik.blogspot.com/2020/01/rukovoditel-stored-xss.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous."}, {"lang": "es", "value": "En Rukovoditel versi\u00f3n 2.5.2, hay una vulnerabilidad de tipo XSS almacenado en la p\u00e1gina de configuraci\u00f3n por medio de la entrada de texto copyright. Por lo tanto, un atacante puede inyectar un script malicioso para robar los datos valiosos de todos los usuarios. Este texto copyright est\u00e1 en cada p\u00e1gina, por lo que este vector de ataque puede ser muy peligroso."}], "lastModified": "2024-11-21T04:58:41.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rukovoditel:rukovoditel:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81A85799-5B8E-4BAC-8E77-AA8E15BEDAD4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}