CVE-2020-25761
Visitor Management System In PHP 1.0 Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 3
Exploited in Wild: -
Decision
Descriptions
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject JavaScript payloads in the parameters to perform various attacks, such as stealing cookies, sensitive information, etc.
Visitor Management System in PHP version 1.0 suffers from an unauthenticated persistent cross-site scripting vulnerability.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2020-09-18 CVE Reserved
- 2020-09-22 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Projectworlds | Visitor Management System In Php | 1.0 | - | Affected |