CVE-2020-29239
Summary
| CVE | CVE-2020-29239 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-02 17:15:00 UTC |
| Updated | 2023-10-03 15:35:00 UTC |
| Description | Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Janobe | Online Voting System | 1.0 | All | All | All |
| Application | Online Voting System Project | Online Voting System | 1.0 | All | All | All |
| Application | Online Voting System Project | Online Voting System | 1.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting - Multiple webapps Exploit | MISC | www.exploit-db.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.