CVE-2020-27409 Vulnerability Analysis & Exploit Details

Status: Analyzed - Last modified: 07-12-2020 Published: 04-12-2020

CVE-2020-27409
Vulnerability Scoring

6.1
/10

Attack Complexity Details

  • Attack Complexity: Low Impact
  • Attack Vector: NETWORK
  • Privileges Required: None
  • Scope: CHANGED
  • User Interaction: REQUIRED

CIA Impact Definition

  • Confidentiality: Low Impact
  • Integrity: Low Impact
  • Availability:

CVE-2020-27409 Vulnerability Summary

OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.

Access Complexity Graph for CVE-2020-27409

Impact Analysis for CVE-2020-27409

CVE-2020-27409 Detailed Information and External References

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

EPSS Score: 0.076% (probability of exploit)

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

0.00076

EPSS %

0.35606

References

CWE

CWE-79

CAPEC

  • XSS Using MIME Type Mismatch CAPEC-209 An adversary creates a file with scripting content but where the specified MIME type of the file is such that scripting is not expected. The adversary tricks the victim into accessing a URL that responds with the script file. Some browsers will detect that the specified MIME type of the file does not match the actual type of its content and will automatically switch to using an interpreter for the real content type. If the browser does not invoke script filters before doing this, the adversary's script may run on the target unsanitized, possibly revealing the victim's cookies or executing arbitrary script in their browser.
  • DOM-Based XSS CAPEC-588 This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is inserted into the client-side HTML being parsed by a web browser. Content served by a vulnerable web application includes script code used to manipulate the Document Object Model (DOM). This script code either does not properly validate input, or does not perform proper output encoding, thus creating an opportunity for an adversary to inject a malicious script launch a XSS attack. A key distinction between other XSS attacks and DOM-based attacks is that in other XSS attacks, the malicious script runs when the vulnerable web page is initially loaded, while a DOM-based attack executes sometime after the page loads. Another distinction of DOM-based attacks is that in some cases, the malicious script is never sent to the vulnerable web server at all. An attack like this is guaranteed to bypass any server-side filtering attempts to protect users.
  • Reflected XSS CAPEC-591 This type of attack is a form of Cross-Site Scripting (XSS) where a malicious script is "reflected" off a vulnerable web application and then executed by a victim's browser. The process starts with an adversary delivering a malicious script to a victim and convincing the victim to send the script to the vulnerable web application.
  • Stored XSS CAPEC-592 An adversary utilizes a form of Cross-site Scripting (XSS) where a malicious script is persistently "stored" within the data storage of a vulnerable web application as valid input.
  • Cross-Site Scripting (XSS) CAPEC-63 An adversary embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the users' privilege level. An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them in to user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect.
  • AJAX Footprinting CAPEC-85 This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. A common first step for an attacker is to footprint the target environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on. The knowledge gained through Ajax fingerprinting can be used to support other attacks, such as XSS.

Vulnerable Configurations

  • cpe:2.3:a:os4ed:opensis:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:4.6:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:4.7:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:4.8:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:4.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:4.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:4.9:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:5.2:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:5.3:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:7.0:-:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:7.0:-:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:7.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:7.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:7.3:*:*:*:community:*:*:*
    cpe:2.3:a:os4ed:opensis:7.3:*:*:*:community:*:*:*
  • cpe:2.3:a:os4ed:opensis:7.3:*:*:*:-:*:*:*
    cpe:2.3:a:os4ed:opensis:7.3:*:*:*:-:*:*:*
  • cpe:2.3:a:os4ed:opensis:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:os4ed:opensis:7.4:*:*:*:*:*:*:*
    cpe:2.3:a:os4ed:opensis:7.4:*:*:*:*:*:*:*

CVSS3 Source

nvd@nist.gov

CVSS3 Type

Primary

CVSS3 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Protect Your Infrastructure: Combat Critical CVE Threats

Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.

Recently Published CVEs

  • CVE-2025-1381 – A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown ...
  • CVE-2025-1380 – A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of...
  • CVE-2025-1379 – A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerabili...
  • CVE-2025-1378 – A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/r...
  • CVE-2024-47935 – Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock allows an ...
  • CVE-2024-13726 – The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action ...
  • CVE-2024-13627 – The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a R...
  • CVE-2024-13626 – The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the pag...
  • CVE-2024-13625 – The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a...
  • CVE-2024-13608 – The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perfo...