CVE-2020-23376: CSRF
First published: Mon May 10 2021(Updated: )
NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 5none Nonecms | =1.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for NoneCMS v1.3?
The vulnerability ID for NoneCMS v1.3 is CVE-2020-23376.
What is the severity of CVE-2020-23376?
The severity of CVE-2020-23376 is medium with a CVSS score of 6.1.
Which software versions are affected by CVE-2020-23376?
CVE-2020-23376 affects NoneCMS v1.3.0.
How does CVE-2020-23376 work?
CVE-2020-23376 is a CSRF vulnerability in NoneCMS v1.3 that allows an attacker to add a navigation column with arbitrary web script or HTML via the name parameter, leading to a stored XSS attack.
Are there any references related to CVE-2020-23376?
Yes, you can find more information about CVE-2020-23376 at the following references: [link1](https://cwe.mitre.org/data/definitions/352.html), [link2](https://github.com/nangge/noneCms/issues/35).
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/5none
- canonical/5none nonecms
- version/5none nonecms/1.3.0