{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T20:06:19.545","vulnerabilities":[{"cve":{"id":"CVE-2020-5809","sourceIdentifier":"vulnreport@tenable.com","published":"2020-12-30T16:15:12.320","lastModified":"2024-11-21T05:34:38.223","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS."},{"lang":"es","value":"Se presenta una vulnerabilidad de tipo XSS almacenado en Umbraco CMS versiones anteriores a 8.9.1 o actual.&#xa0;Un usuario autenticado puede inyectar código JavaScript arbitrario en iframes cuando edita contenido usando el editor de texto enriquecido TinyMCE, ya que TinyMCE está configurado para permitir iframes por defecto en Umbraco CMS."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*","versionEndIncluding":"8.9.1","matchCriteriaId":"C4A8AEE3-81C0-47E0-AC9F-07E1FCC2CCB1"}]}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2020-59","source":"vulnreport@tenable.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.tenable.com/security/research/tra-2020-59","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}