Lucene search

MitreCVE-2020-20406

HistorySep 16, 2020 - 8:15 p.m.

CVE-2020-20406

2020-09-1620:15:13

CWE-79

mitre

web.nvd.nist.gov

cve-2020-20406

stored xss

vulnerability

elementor page builder

nvd

filtering

link custom attributes

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes.

Affected configurations

Nvd

Node

elementorelementor_page_builderRange≤2.9.2wordpress

VendorProductVersionCPE
elementorelementor_page_builder*cpe:2.3:a:elementor:elementor_page_builder:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
elementor	elementor_page_builder	*	cpe:2.3:a:elementor:elementor_page_builder::::::wordpress::*

References

wordpress.org/plugins/elementor/#developers

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2020-20406