id: CVE-2020-20285 info: name: ZZcms - Cross-Site Scripting author: edoardottt severity: medium description: | ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: - https://github.com/iohex/ZZCMS/blob/master/zzcms2019_login_xss.md - https://nvd.nist.gov/vuln/detail/CVE-2020-20285 - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2020-20285 cwe-id: CWE-79 epss-score: 0.00182 epss-percentile: 0.55354 cpe: cpe:2.3:a:zzcms:zzcms:2019:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: zzcms product: zzcms fofa-query: zzcms tags: cve2020,cve,zzcms,xss http: - raw: - | GET /user/login.php HTTP/1.1 Host: {{Hostname}} Referer: xss"/> matchers-condition: and matchers: - type: word part: body words: - 'fromurl" type="hidden" value="xss"/>' - type: word part: header words: - "text/html" - type: status status: - 200 # digest: 490a00463044022051a3134fc5f1915833892b85fa1365f58eabd71c5edd9c4d0e5703ce34ec179302202f35ab994046066a9d4d3eff76ed0fceace2fda5aa75b1a08ccc23e41b568d9f:922c64590222798bb761d5b6d8e72950