admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-110xx/CVE-2020-11065.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

143 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-11065",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-13T23:15:11.233",
"lastModified": "2020-05-15T00:37:55.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2."
},
{
"lang": "es",
"value": "En TYPO3 CMS versiones mayores o iguales a 9.5.12 y menores a 9.5.17, y versiones mayores o iguales a 10.2.0 y versiones menores a 10.4.2, ha sido detectado que las etiquetas de enlace generadas por la funcionalidad typolink son vulnerables a un ataque de tipo cross-site scripting; las propiedades que han sido asignadas como atributos HTML no han sido analizadas correctamente. Esto ha sido corregido en las versiones 9.5.17 y 10.4.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.5
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5.12",
"versionEndExcluding": "9.5.17",
"matchCriteriaId": "40512131-A9DB-406C-BF8D-0E341F70C2F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.2.0",
"versionEndExcluding": "10.4.2",
"matchCriteriaId": "B192088D-250F-4ADA-8312-6B4D8A3ED3D0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink