CVE-2020-29205 β Cross-site Scripting in Travel Management System
Severity
6.1MEDIUMNVD
EPSS
0.6%
top 29.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 17
Latest updateMay 24
Description
XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7