{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2020-36828","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-03-29T07:20:54.855Z","datePublished":"2024-03-31T09:00:04.241Z","dateUpdated":"2024-08-04T17:37:07.325Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-03-31T09:00:04.241Z"},"title":"DiscuzX install_function.php show_next_step cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"CWE-79 Cross Site Scripting"}]}],"affected":[{"vendor":"n/a","product":"DiscuzX","versions":[{"version":"3.4-20200818","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.4-20210119 is able to address this issue. The name of the patch is 4a9673624f46f7609486778ded9653733020c567. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258612."},{"lang":"de","value":"Es wurde eine problematische Schwachstelle in DiscuzX bis 3.4-20200818 ausgemacht. Es geht dabei um die Funktion show_next_step der Datei upload/install/include/install_function.php. Mit der Manipulation des Arguments uchidden mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Ein Aktualisieren auf die Version 3.4-20210119 vermag dieses Problem zu lösen. Der Patch wird als 4a9673624f46f7609486778ded9653733020c567 bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}}],"timeline":[{"time":"2020-01-09T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2020-01-09T00:00:00.000Z","lang":"en","value":"Countermeasure disclosed"},{"time":"2024-03-29T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-03-29T08:26:18.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"VulDB GitHub Commit Analyzer","type":"tool"}],"references":[{"url":"https://vuldb.com/?id.258612","name":"VDB-258612 | DiscuzX install_function.php show_next_step cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.258612","name":"VDB-258612 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://github.com/codersclub/DiscuzX/commit/4a9673624f46f7609486778ded9653733020c567","tags":["patch"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-08T17:57:18.908017Z","id":"CVE-2020-36828","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-08T20:05:25.852Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T17:37:07.325Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.258612","name":"VDB-258612 | DiscuzX install_function.php show_next_step cross site scripting","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.258612","name":"VDB-258612 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/codersclub/DiscuzX/commit/4a9673624f46f7609486778ded9653733020c567","tags":["patch","x_transferred"]}]}]}}