Miggo Logo

CVE-2020-18699: Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability

6.1

CVSS Score
3.1

Basic Information

EPSS Score
0.64854%
Published
5/24/2022
Updated
9/30/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
lin-cmspip<= 0.1.1b2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability description explicitly mentions the 'Username' parameter in app/api/cms/user.py and references GitHub issue #28 which identifies register() in user.py and get_logs() in log.py as vulnerable points. The register function accepts untrusted input without sanitization, while get_logs displays this input without proper escaping, creating a stored XSS chain. Both functions are directly implicated in the attack flow described in the CVE and related advisories.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ross Sit* S*riptin* (XSS) in Lin-*MS-*l*sk v*.*.* *llows r*mot* *tt**k*rs to *x**ut* *r*itr*ry *o** *y *nt*rin* s*ripts in t** t** 'Us*rn*m*' p*r*m*t*r o* t** in *ompon*nt '*pp/*pi/*ms/us*r.py'.

Reasoning

T** vuln*r**ility **s*ription *xpli*itly m*ntions t** 'Us*rn*m*' p*r*m*t*r in *pp/*pi/*ms/us*r.py *n* r***r*n**s *it*u* issu* #** w*i** i**nti*i*s r**ist*r() in us*r.py *n* **t_lo*s() in lo*.py *s vuln*r**l* points. T** r**ist*r *un*tion ****pts untr