Skip to main content

Framework CVE-2020-7990

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2020-01-26 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 26, 2020 - 22:15 nvd
MEDIUM 6.1

DescriptionNVD

Adive Framework 2.0.8 has admin/user/add userName XSS.

AnalysisAI

Adive Framework 2.0.8 has admin/user/add userName XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Affected products include: Adive Framework.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2020-7991 HIGH POC
8.8 Jan 26

Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. Rated high severity (CVSS 8.8), this v

CVE-2022-4413 MEDIUM POC
6.1 Dec 12

Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13. Rated medium severity

CVE-2021-43808 MEDIUM POC
6.1 Dec 08

Laravel is a web application framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no

CVE-2020-7989 MEDIUM POC
6.1 Jan 26

Adive Framework 2.0.8 has admin/user/add userUsername XSS. Rated medium severity (CVSS 6.1), this vulnerability is remot

CVE-2021-43617 CRITICAL POC
9.8 Nov 14

Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Val

CVE-2022-38724 MEDIUM POC
5.4 Nov 23

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin thr

CVE-2022-38148 HIGH
8.8 Nov 21

Silverstripe silverstripe/framework through 4.11 allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2024-52301 HIGH
8.7 Nov 12

Laravel is a web application framework. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no a

CVE-2024-4337 HIGH
7.4 Apr 30

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripti

CVE-2024-4336 HIGH
7.4 Apr 30

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripti

CVE-2025-27515 MEDIUM
6.9 Mar 05

Laravel is a web application framework. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no

CVE-2023-22729 MEDIUM
6.1 Apr 26

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Ra

Share

CVE-2020-7990 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy