CVE-2020-24145 — Cross-site Scripting in CM Download Manager

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 33.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cminds CM Download Manager

Timeline

PublishedJul 7

Latest updateMay 24

Description

Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDcminds/cm_download_manager2.7.0

🔴Vulnerability Details

GHSA

GHSA-8w8j-8c2x-fmpj: Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2↗2022-05-24

▶

CVEList

CVE-2020-24145: Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2↗2021-07-07

▶