Skip to main content

S Cms CVE-2020-20425

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-12-22 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 22, 2021 - 23:15 nvd
MEDIUM 6.1

DescriptionNVD

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.

AnalysisAI

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. Affected products include: S-Cms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in S Cms

View all
CVE-2019-10708 CRITICAL POC
9.8 Apr 02

S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. Rated critical severity (CVSS 9.8), t

CVE-2019-6805 CRITICAL POC
9.8 Jan 25

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. Rated critical severity (CVSS

CVE-2018-20480 CRITICAL POC
9.8 Dec 26

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no

CVE-2018-20479 CRITICAL POC
9.8 Dec 26

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no

CVE-2018-20477 CRITICAL POC
9.8 Dec 26

An issue was discovered in S-CMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no

CVE-2018-18887 CRITICAL POC
9.8 Nov 01

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). Rated critical

CVE-2018-18427 CRITICAL POC
9.8 Oct 17

s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. Rated

CVE-2019-10237 HIGH POC
8.8 Mar 27

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&l

CVE-2018-19332 HIGH POC
8.8 Nov 17

An issue was discovered in S-CMS v1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no au

CVE-2018-18426 HIGH POC
8.8 Oct 17

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow va

CVE-2018-20478 HIGH POC
7.5 Dec 26

An issue was discovered in S-CMS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no aut

CVE-2018-20018 HIGH POC
7.5 Dec 10

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. Rated hig

Share

CVE-2020-20425 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy