SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2020-19626

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 5.4		CVSS Score : 3.5
Exploit Score: 2.3		Exploit Score: 6.8
Impact Score: 2.7		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: MEDIUM
Privileges Required: LOW		Authentication: SINGLE
User Interaction: REQUIRED		Confidentiality: NONE
Scope: CHANGED		Integrity: PARTIAL
Confidentiality: LOW		Availability: NONE
Integrity: LOW
Availability: NONE

Reference:

http://mayoterry.com/file/cve/XSS_vuluerability_in_Craftcms_3.1.31.pdf

https://github.com/craftcms/cms/commit/76a2168b6a5e30144f5c06da4ff264f4eca577ff


30479



423868



249622



909



195521



282