CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-19626

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.1%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

http://mayoterry.com/file/cve/XSS_vuluerability_in_Craftcms_3.1.31.pdf
https://github.com/craftcms/cms/commit/76a2168b6a5e30144f5c06da4ff264f4eca577ff
http://mayoterry.com/file/cve/XSS_vuluerability_in_Craftcms_3.1.31.pdf
https://github.com/craftcms/cms/commit/76a2168b6a5e30144f5c06da4ff264f4eca577ff

Products affected by CVE-2020-19626

Craftcms » Craft Cms » Version: 3.1.31

cpe:2.3:a:craftcms:craft_cms:3.1.31

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-19626

Products

Pricing

Contact Us