CVE-2020-20697 – khodakhah/nodcms

Package

Manager: composer
Name: khodakhah/nodcms
Vulnerable Version: >=0 <=3.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00119 pctl0.3145

Details

NodCMS Cross Site Scripting vulnerability Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows an attacker with administrative privileges to execute arbitrary code and gain access to sensitive information via a crafted script to the address parameter.

Metadata

Created: 2023-06-20T15:31:08Z
Modified: 2023-06-27T22:22:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-7xqx-xwg9-jx34/GHSA-7xqx-xwg9-jx34.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-7xqx-xwg9-jx34
Finding: F425
Auto approve: 1