CVE-2020-23373: XSS
First published: Mon May 10 2021(Updated: )
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 5none Nonecms | =1.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XSS vulnerability?
The vulnerability ID for this XSS vulnerability is CVE-2020-23373.
What is the severity of CVE-2020-23373?
The severity of CVE-2020-23373 is medium.
How does the XSS vulnerability CVE-2020-23373 in noneCMS v1.3.0 occur?
The XSS vulnerability CVE-2020-23373 in noneCMS v1.3.0 occurs due to improper input validation of the name parameter in the admin/nav/add.html file.
What can an attacker do with this XSS vulnerability in noneCMS v1.3.0?
An attacker with remote authentication can inject arbitrary web script or HTML using the name parameter.
Is there a fix for the XSS vulnerability CVE-2020-23373 in noneCMS v1.3.0?
Yes, updating to a version of noneCMS that includes the fix for CVE-2020-23373 will resolve the XSS vulnerability.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/5none
- canonical/5none nonecms
- version/5none nonecms/1.3.0