{"id":"CVE-2020-24135","details":"A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.","modified":"2026-07-09T00:06:40.172197Z","published":"2021-04-07T16:15:12.977Z","references":[{"type":"ADVISORY","url":"https://github.com/secwx/research/blob/main/cve/CVE-2020-24135.md"},{"type":"REPORT","url":"https://github.com/vedees/wcms/issues/9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vedees/wcms","events":[{"introduced":"ae9b65e011d8a1a92350db7830c11df3ea97a6f7"},{"last_affected":"ae9b65e011d8a1a92350db7830c11df3ea97a6f7"}],"database_specific":{"cpe":"cpe:2.3:a:wcms:wcms:0.3.2:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0.3.2"},{"last_affected":"0.3.2"}],"source":"CPE_STRING"}}],"versions":["0.3.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24135.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}