nvd-json-data-feeds/CVE-2020/CVE-2020-294xx/CVE-2020-29475.json

{
  "id": "CVE-2020-29475",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-12-29T15:15:12.717",
  "lastModified": "2020-12-30T16:42:16.453",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload."
    },
    {
      "lang": "es",
      "value": "nopCommerce Store versi\u00f3n 4.30, est\u00e1 afectado por un ataque de tipo cross-site scripting (XSS) en el campo de nombre de tareas de Programadas. Esta vulnerabilidad puede permitir a un atacante inyectar una carga \u00fatil de tipo XSS en tareas Programadas y cada vez que un usuario vaya a esa p\u00e1gina del sitio web, los ataques de tipo XSS se desencadenar\u00e1n y el atacante pueden robar la cookie de acuerdo con la carga \u00fatil dise\u00f1ada"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.5
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:nopcommerce:store:4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CA4EBB8-852B-4530-96D2-AFB7B3A56E22"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.exploit-db.com/exploits/49093",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}