CVE-2020-37111 — MEDIUM (6.1)

Vulnerability Description

60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browsers. This issue does not involve SQL injection.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Opensourcecms	60Cyclecms	2.5.2

Related Weaknesses (CWE)

CWE-79

References

http://davidvg.com/Broken Link
https://www.exploit-db.com/exploits/48177ExploitThird Party AdvisoryVDB Entry
https://www.opensourcecms.com/60cyclecmsBroken Link
https://www.vulncheck.com/advisories/cyclecms-newsphp-cross-site-scripting-xss-vBroken Link

FAQ

What is CVE-2020-37111?

CVE-2020-37111 is a vulnerability with a CVSS score of 6.1 (MEDIUM). 60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS p...

How severe is CVE-2020-37111?

CVE-2020-37111 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-37111?

Check the references section above for vendor advisories and patch information. Affected products include: Opensourcecms 60Cyclecms.