CVE-2020-8789

Description

Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration.

Related CPE's

acomposr_projectcomposr********

References

http://packetstormsecurity.com/files/157787/Composr-CMS-10.0.30-Cross-Site-Scripting.html

ExploitThird Party AdvisoryVDB Entry

20200522 Composr CMS 10.0.30 - (Authenticated) Cross-Site Scripting

ExploitMailing ListThird Party Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

LOW

UserInteraction

REQUIRED

Scope

CHANGED

ConfidentialityImpact

LOW

IntegrityImpact

LOW

AvailabilityImpact

NONE

BaseScore

5.4

BaseSeverity

MEDIUM

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:S/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

SINGLE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

3.5

Created by Yello
About Severity.io