Vulnerability Description
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which execute when viewing the User List page.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- http://codekernel.net/
- https://codecanyon.net/item/queue-management-system/22029961
- https://www.exploit-db.com/exploits/49296
- https://www.vulncheck.com/advisories/queue-management-system-stored-xss-via-add-
FAQ
What is CVE-2020-37240?
CVE-2020-37240 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can inse...
How severe is CVE-2020-37240?
CVE-2020-37240 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-37240?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.