CVE-2020-25470

{"id": "CVE-2020-25470", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-10-26T14:15:13.137", "references": [{"url": "https://github.com/AntSwordProject/antSword/issues/256", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution."}, {"lang": "es", "value": "AntSword versi\u00f3n 2.1.8.1, presenta una vulnerabilidad de tipo cross-site scripting (XSS) en la funci\u00f3n View Site. Al visualizar un sitio agregado, una carga \u00fatil de tipo XSS puede ser inyectada en la vista de cookies, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota"}], "lastModified": "2020-10-28T13:44:48.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:antsword_project:antsword:2.1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A387E080-A436-4FDE-AF74-8E2F48B157A6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}