CVE-2020-22158

{"id": "CVE-2020-22158", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-09-14T16:15:11.590", "references": [{"url": "https://sku11army.blogspot.com/2020/02/ericsson-multiple-stored-reflected-xss.html", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "https://sku11army.blogspot.com/2020/02/ericsson-multiple-stored-reflected-xss.html", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the \"path\" or \"Services+ID\" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the \"name\" parameter with the malicious code."}, {"lang": "es", "value": "Los dispositivos MediaKind (anteriormente Ericsson) versi\u00f3n 5.13.3, son vulnerables a m\u00faltiples ataques de tipo XSS reflejados y almacenados. Un atacante tiene que inyectar c\u00f3digo JavaScript directamente en los par\u00e1metros \"path\" o \"Services+ID\" y enviar la URL hacia un usuario para explotar la vulnerabilidad de tipo XSS reflejado. En el caso de una vulnerabilidad de tipo XSS almacenado, un atacante debe modificar el par\u00e1metro \"name\" con el c\u00f3digo malicioso"}], "lastModified": "2024-11-21T05:13:07.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mediakind:rx8200_firmware:5.13.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A1EEB9E-45E3-495B-A09C-71A7A96B015D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mediakind:rx8200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "369370E0-04CD-4EDE-9C0C-F2FCAD7C40E3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}