How severe is CVE-2020-4047?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2020-4047?

This is classified as CWE-80, which is a common weakness in software security.

CVE-2020-4047 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

Related Vulnerabilities

CVE-2019-5450

MEDIUM

CVSS:6.8(Medium)

Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML.

CWE-802019

CVE-2024-42195

MEDIUM

CVSS:6.8(Medium)

HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.

CWE-802024

CVE-2024-47139

MEDIUM

CVSS:6.8(Medium)

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context...

CWE-802024

CVE-2023-49852

MEDIUM

CVSS:6.5(Medium)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection.This issue affects Responsive Slic...

CWE-802023

CVE-2024-26282

HIGH

CVSS:7.1(High)

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123.

CWE-802024

CVE-2024-26482

HIGH

CVSS:7.1(High)

An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1...

CWE-802024