CVE-2020-11082 MEDIUM

CVE-2020-11082: Cross-Site Scripting in Kaminari

Vendor Kaminari

Product Kaminari

Weakness CWE-79 · XSS

Published May 28, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.4/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.

Key dates

02Disclosure timeline

May 28, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-11082 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-34103 Stored XSS (Cross Site Scripting) in html content based fields of avo CVE-2026-34561 CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CVE-2024-53774 WordPress Sparkle Elementor Kit plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability CVE-2020-1673 Junos OS: Reflected Cross-site Scripting vulnerability in J-Web and web based (HTTP/HTTPS) services CVE-2024-31103 WordPress Kanban Boards for WordPress plugin <= 2.5.21 - Reflected Cross Site Scripting (XSS) vulnerability