Vulnerability Description
Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header.
CVSS Score
4.8
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Form Builder For Magento 2 Project | Form Builder For Magento 2 | 2.1.0 |
Related Weaknesses (CWE)
References
- https://anothernetsecblog.comThird Party AdvisoryURL Repurposed
- https://anothernetsecblog.com/magento-2-extension-security/ExploitThird Party AdvisoryURL Repurposed
- https://landofcoder.com/magento-2-form-builder.htmlProductThird Party Advisory
- https://anothernetsecblog.comThird Party AdvisoryURL Repurposed
- https://anothernetsecblog.com/magento-2-extension-security/ExploitThird Party AdvisoryURL Repurposed
- https://landofcoder.com/magento-2-form-builder.htmlProductThird Party Advisory
FAQ
What is CVE-2020-13423?
CVE-2020-13423 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header.
How severe is CVE-2020-13423?
CVE-2020-13423 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13423?
Check the references section above for vendor advisories and patch information. Affected products include: Form Builder For Magento 2 Project Form Builder For Magento 2.