CVE-2020-29231
Summary
| CVE | CVE-2020-29231 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-30 19:15:13 UTC |
| Updated | 2026-07-05 01:17:12 UTC |
| Description | EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name and each time admin visits the Profile page from the admin panel, the XSS triggers. |
Risk And Classification
Primary CVSS: v3.1 5.4 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.006190000 probability, percentile 0.453400000 (date 2026-07-05)
Problem Types: CWE-79 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| 2.0 | [email protected] | Primary | 3.5 | AV:N/AC:M/Au:S/C:N/I:P/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
RequiredScope
ChangedConfidentiality
LowIntegrity
LowAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
SingleConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:S/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Egavilanmedia | User Registration And Login System With Admin Panel | 1.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| egavilanmedia.com | af854a3a-2127-422b-91ae-364da2661108 | egavilanmedia.com | Vendor Advisory |
| CVE-Reference/CVE-2020-29231.md at main · hemantsolo/CVE-Reference · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.