CVE-2020-35240

{"id": "CVE-2020-35240", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2020-12-30T15:15:13.027", "references": [{"url": "https://fluxbb.org/downloads/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/hemantsolo/CVE-Reference/blob/main/CVE-2020-35240.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/hemantsolo/CVE-Reference/issues/1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://fluxbb.org/downloads/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/hemantsolo/CVE-Reference/blob/main/CVE-2020-35240.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/hemantsolo/CVE-Reference/issues/1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in \"Blog Content\" and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload."}, {"lang": "es", "value": "FluxBB versi\u00f3n 1.5.11, est\u00e1 afectado por una vulnerabilidad de tipo cross-site scripting, (XSS) en el componente Blog Content. Esta vulnerabilidad puede permitir a un atacante inyectar una carga \u00fatil de tipo XSS en \"Blog Content\" y cada vez que un usuario visite el blog, el XSS se desencadena y el atacante puede ser capaz de robar la cookie de acuerdo a la carga \u00fatil dise\u00f1ada."}], "lastModified": "2024-11-21T05:27:05.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fluxbb:fluxbb:1.5.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4294CBC2-85BA-4C0F-90D3-E655F78495DF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}