Lucene search

GitHub Advisory DatabaseGHSA-3374-7H99-XR85

HistoryOct 25, 2021 - 7:43 p.m.

Cross-site scripting in forkcms

2021-10-2519:43:05

CWE-79

GitHub Advisory Database

github.com

fork cms

v5.8.0

xss vulnerability

displayname field

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or `Register’ functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.

Affected configurations

Vulners

Node

forkcmsforkcmsRange<5.8.1

VendorProductVersionCPE
forkcmsforkcms*cpe:2.3:a:forkcms:forkcms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
forkcms	forkcms	*	cpe:2.3:a:forkcms:forkcms::::::::

References

github.com/advisories/GHSA-3374-7h99-xr85

github.com/forkcms/forkcms/commit/6ec6171206a7507a39695edc8bbd1b97ef1041c6

nvd.nist.gov/vuln/detail/CVE-2020-23049

www.vulnerability-lab.com/get_content.php?id=2208

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

Related for GHSA-3374-7H99-XR85