Stored XSS Vulnerability in NetArt News Lister by NetArt Media
CVE-2020-29364

4.8MEDIUM

Key Information:

Vendor: Netartmedia
Status: News Lister
Vendor: CVE Published:; 30 November 2020

🔔 Create Netartmedia Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-29364?

A stored cross-site scripting vulnerability exists in NetArt News Lister version 1.0.0 that allows attackers to inject malicious code via news titles. When these titles are rendered, the injected code is executed in users' browsers, posing a significant risk to web application security. It's vital for users of this product to implement security measures to mitigate potential exploitation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-29364
Created by aslanemre

References

https://www.netartmedia.net/newslister

x_refsource_MISC

https://github.com/aslanemre/CVE-2020-29364/blob/main/CVE...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2020
🟡
Public PoC available
Nov 27, 2020
👾
Exploit known to exist
Nov 27, 2020
Vulnerability Reserved
Nov 27, 2020

CVE-2020-29364 Data

JSON