Lucene search

[email protected]NVD:CVE-2020-29239

HistoryDec 02, 2020 - 5:15 p.m.

CVE-2020-29239

2020-12-0217:15:14

CWE-79

[email protected]

web.nvd.nist.gov

online system

birth certificate

xss

vulnerability

user registration

admin panel

cookie theft

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.8%

JSON

Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.

Affected configurations

Nvd

Node

janobeonline_voting_systemMatch1.0

VendorProductVersionCPE
janobeonline_voting_system1.0cpe:2.3:a:janobe:online_voting_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
janobe	online_voting_system	1.0	cpe:2.3:a:janobe:online_voting_system:1.0:::::::*

References

www.exploit-db.com/exploits/49159

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

42.8%

JSON

Related for NVD:CVE-2020-29239

cvelist1 cve1 prion1