CVE-2020-36389
CiviCRM < 5.28.1 - Cross-Site Request Forgery to Cross-Site Scripting
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
En CiviCRM versiones anteriores a 5.28.1 y CiviCRM ESR versiones anteriores a 5.27.5 ESR, el formulario de configuraciĆ³n del CKEditor permite ataques de tipo CSRF
The CiviCRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via improper CSRF checks in the CKEditor Configuration Form in versions up to, and including, 5.28.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
*Credits:
Dennis Brinkrolf (sonarsource)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-17 CVE Reserved
- 2021-06-17 CVE Published
- 2024-01-22 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://blog.sonarsource.com/civicrm-code-execution-vulnerability-chain-explained | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form | 2023-02-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Civicrm Search vendor "Civicrm" | Civicrm Search vendor "Civicrm" for product "Civicrm" | < 5.27.5 Search vendor "Civicrm" for product "Civicrm" and version " < 5.27.5" | extended_security_release |
Affected
| ||||||
| Civicrm Search vendor "Civicrm" | Civicrm Search vendor "Civicrm" for product "Civicrm" | < 5.28.1 Search vendor "Civicrm" for product "Civicrm" and version " < 5.28.1" | - |
Affected
| ||||||