CVE-2020-15716

{"id": "CVE-2020-15716", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-07-15T19:15:12.163", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184942", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-15716.md", "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184942", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/blob/mobile/CHANGES.md", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/commit/89ae9de732024e3a2e99262aa98b400a1aa6975a", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/issues/291", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/francoisjacquet/rosariosis/-/tags/v6.8-beta", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL."}, {"lang": "es", "value": "RosarioSIS versi\u00f3n 6.7.2, es vulnerable a un ataque de tipo XSS, causado por una comprobaci\u00f3n inapropiada de la entrada suministrada por el usuario mediante el script Preferences.php. Un atacante remoto podr\u00eda explotar esta vulnerabilidad usando el par\u00e1metro tab en una URL dise\u00f1ada"}], "lastModified": "2025-04-16T15:15:45.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rosariosis:rosariosis:6.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A870F8E-3082-421C-A701-75D43DD6276C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}