CVE-2020-17476 - Vulnerability Details - OpenCVE

Mibew Messenger before 3.2.7 allows XSS via a crafted user name.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mibew	Messenger

Configuration 1 [-]

cpe:2.3:a:mibew:messenger:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Mibew/mibew/commit/84f5bca0a90b2fe470e35e9b5121548ccce0093c
https://mibew.org/announcements/2020/07/09/mibew-messenger-3-2-7-has-been-released

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-08-10T16:58:43

Updated: 2024-08-04T14:00:47.464Z

Reserved: 2020-08-10T00:00:00

Link: CVE-2020-17476

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-08-10T17:15:13.133

Modified: 2024-11-21T05:08:11.390

Link: CVE-2020-17476

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Mibew Messenger before 3.2.7 allows XSS via a crafted user name."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-10T16:58:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://mibew.org/announcements/2020/07/09/mibew-messenger-3-2-7-has-been-released"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Mibew/mibew/commit/84f5bca0a90b2fe470e35e9b5121548ccce0093c"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-17476", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mibew Messenger before 3.2.7 allows XSS via a crafted user name."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://mibew.org/announcements/2020/07/09/mibew-messenger-3-2-7-has-been-released", "refsource": "MISC", "url": "https://mibew.org/announcements/2020/07/09/mibew-messenger-3-2-7-has-been-released"}, {"name": "https://github.com/Mibew/mibew/commit/84f5bca0a90b2fe470e35e9b5121548ccce0093c", "refsource": "MISC", "url": "https://github.com/Mibew/mibew/commit/84f5bca0a90b2fe470e35e9b5121548ccce0093c"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T14:00:47.464Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mibew.org/announcements/2020/07/09/mibew-messenger-3-2-7-has-been-released"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Mibew/mibew/commit/84f5bca0a90b2fe470e35e9b5121548ccce0093c"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-17476", "datePublished": "2020-08-10T16:58:43", "dateReserved": "2020-08-10T00:00:00", "dateUpdated": "2024-08-04T14:00:47.464Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mibew:messenger:*:*:*:*:*:*:*:*", "matchCriteriaId": "EECBF5E0-50F6-412B-8BB1-27854A7D3B04", "versionEndExcluding": "3.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mibew Messenger before 3.2.7 allows XSS via a crafted user name."}, {"lang": "es", "value": "Mibew Messenger versiones anteriores a 3.2.7, permite un ataque de tipo XSS por medio de un nombre de usuario dise\u00f1ado"}], "id": "CVE-2020-17476", "lastModified": "2024-11-21T05:08:11.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-10T17:15:13.133", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Mibew/mibew/commit/84f5bca0a90b2fe470e35e9b5121548ccce0093c"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mibew.org/announcements/2020/07/09/mibew-messenger-3-2-7-has-been-released"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Mibew/mibew/commit/84f5bca0a90b2fe470e35e9b5121548ccce0093c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mibew.org/announcements/2020/07/09/mibew-messenger-3-2-7-has-been-released"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}