CVE-2020-24138

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/15/2021 09:17:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Certain versions of Wcms from Wcms contain the following vulnerability:

Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.

  • CVE-2020-24138 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.1 - MEDIUM

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS2 Score: 4.3 - MEDIUM

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

CVE References

  • research/CVE-2020-24138.md at main · secwx/research · GitHub (MISC): github.com/secwx/research/blob/main/cve/CVE-2020-24138.md
  • Reflected XSS vulnerability in wcms/wex/html.php · Issue #10 · vedees/wcms · GitHub (MISC): github.com/vedees/wcms/issues/10

Known Affected Configurations (CPE V2.3)

Type: Application
Vendor: Wcms
Product: Wcms
Version: 0.3.2
Update: All
Edition: All
Language: All
  • cpe:2.3:a:wcms:wcms:0.3.2:*:*:*:*:*:*:*

Social Mentions

  • Twitter, @CVEreport, posted 2021-04-07 15:03:25 UTC: CVE-2020-24138 : Cross Site Scripting #XSS vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrar… twitter.com/i/web/status/1…
  • Twitter, @LinInfoSec, posted 2021-04-07 22:28:52 UTC: Php - CVE-2020-24138: github.com/vedees/wcms/is…