nvd-json-data-feeds/CVE-2021/CVE-2021-207xx/CVE-2021-20723.json

{
  "id": "CVE-2021-20723",
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "published": "2021-05-24T04:15:14.947",
  "lastModified": "2021-05-28T12:23:56.320",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting reflejada en la edici\u00f3n gratuita [MailForm01] (versiones cuya \u00faltima fecha de actualizaci\u00f3n que figura en la parte superior de las descripciones en el archivo del programa es del 12 de diciembre de 2014 al 27 de julio de 2018) permite a un atacante remoto inyectar un script arbitrario por medio de vectores no especificados"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mailform01_project:mailform01:*:*:*:*:free:*:*:*",
              "versionStartIncluding": "2014-12-12",
              "versionEndIncluding": "2018-07-27",
              "matchCriteriaId": "1E1A3BB1-545C-40FE-A8E5-31547C62F6B8"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://jvn.jp/en/jp/JVN53910556/index.html",
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.php-factory.net/mail/01.php",
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Product",
        "Third Party Advisory"
      ]
    }
  ]
}