Vulnerability Description
XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Projectworlds | Travel Management System | 1.0 |
Related Weaknesses (CWE)
References
- https://github.com/projectworldsofficial/online-examination-systen-in-phpThird Party Advisory
- https://nikhilkumar01.medium.com/cve-2020-29205-a7ab5cbcd156Third Party Advisory
- https://www.exploit-db.com/exploits/48969ExploitThird Party AdvisoryVDB Entry
- https://github.com/projectworldsofficial/online-examination-systen-in-phpThird Party Advisory
- https://nikhilkumar01.medium.com/cve-2020-29205-a7ab5cbcd156Third Party Advisory
- https://www.exploit-db.com/exploits/48969ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2020-29205?
CVE-2020-29205 is a vulnerability with a CVSS score of 6.1 (MEDIUM). XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field
How severe is CVE-2020-29205?
CVE-2020-29205 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-29205?
Check the references section above for vendor advisories and patch information. Affected products include: Projectworlds Travel Management System.