Cross Site Scripting Vulnerability in Lin-CMS-Flask by TaleLin
CVE-2020-18699

6.1MEDIUM

Key Information:

Vendor: Talelin
Status: Lin-cms-flask
Vendor: CVE Published:; 16 August 2021

What is CVE-2020-18699?

A vulnerability exists in Lin-CMS-Flask version 0.1.1 that allows remote attackers to exploit Cross Site Scripting (XSS) through the 'Username' parameter in 'app/api/cms/user.py'. By injecting malicious scripts, an attacker could potentially execute arbitrary code, compromising the security of the affected application.

References

https://github.com/TaleLin/lin-cms-flask/issues/28

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 16, 2021
Vulnerability Reserved
Aug 13, 2020

CVE-2020-18699 Data

JSON

Talelin

What is CVE-2020-18699?

References

CVSS V3.1

Timeline