CVE-2020-35852

{"id": "CVE-2020-35852", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-02-23T01:15:12.577", "references": [{"url": "https://getgist.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://getgist.com/chatbot-software/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/riteshgohil/My_CVE/blob/main/CVE-2020-35852.md", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS."}, {"lang": "es", "value": "Chatbox est\u00e1 afectado por cross-site scripting (XSS). Un atacante tiene que subir cualquier carga \u00fatil XSS con SVG, archivo XML en Chatbox. No hay ninguna restricci\u00f3n en la carga de archivos en Chatbox que conduce a XSS almacenado."}], "lastModified": "2021-02-26T22:07:39.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:getgist:chatbox:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C332D50-5120-498E-8D05-198AB8286D24"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}