Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03eHF4LXh3ZzktangzNM4AAz9J
NodCMS Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows an attacker with administrative privileges to execute arbitrary code and gain access to sensitive information via a crafted script to the address parameter.
Permalink: https://github.com/advisories/GHSA-7xqx-xwg9-jx34JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03eHF4LXh3ZzktangzNM4AAz9J
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 4.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-7xqx-xwg9-jx34, CVE-2020-20697
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-20697
- https://github.com/khodakhah/nodcms/issues/41
- https://github.com/advisories/GHSA-7xqx-xwg9-jx34
Affected Packages
packagist:khodakhah/nodcms
Versions: <= 3.0No known fixed version