Reflected Cross-Site Scripting in BloofoxCMS by Bloofox
CVE-2020-36139

5.4MEDIUM

Key Information:

Vendor: Bloofox
Status: Bloofoxcms
Vendor: CVE Published:; 4 June 2021

What is CVE-2020-36139?

BloofoxCMS version 0.5.2.1 is susceptible to a reflected cross-site scripting (XSS) vulnerability. This issue arises when an attacker can inject a malicious script through the 'fileurl' parameter, potentially allowing for unauthorized access or manipulation of user data. Proper sanitization and validation measures must be implemented to mitigate this risk and ensure robust web security.

References

https://muteb.io/2020/12/29/BloofoxCMS-Multiple-Vulnerabi...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2021
Vulnerability Reserved
Jan 4, 2021

CVE-2020-36139 Data

JSON