CVE-2015-5520

{"id": "CVE-2015-5520", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-07-14T16:59:06.953", "references": [{"url": "http://docs.orchardproject.net/Documentation/Patch-20150630", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2015/Jul/32", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/37533/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://docs.orchardproject.net/Documentation/Patch-20150630", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/132583/Orchard-CMS-1.9.0-1.8.2-1.7.3-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2015/Jul/32", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://projectzero.gr/en/2015/07/orchard-persistent-xss-vulnerability/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/37533/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comando en el m\u00f3dulo de usuarios de Orchard 1.7.3 hasta 1.8.2 y 1.9.x antes de 1.9.1, permite a un atacante inyectar arbitrariamente secuencias de comandos web o HTML a trav\u00e9s del nombre de usuario cuando se crea una nueva cuenta de usuario, lo cual no es correctamente manejado cuando se elimina una cuenta."}], "lastModified": "2024-11-21T02:33:11.643", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:orchardproject:orchard:1.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B7F5355-5526-4604-90CB-F1857928AB1D"}, {"criteria": "cpe:2.3:a:orchardproject:orchard:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "667C3DDB-2D95-4F02-9895-1C796D85C5EB"}, {"criteria": "cpe:2.3:a:orchardproject:orchard:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E71A861-EA18-40C8-B7B1-8A6115BD57D0"}, {"criteria": "cpe:2.3:a:orchardproject:orchard:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7144C561-3CC3-47B2-BCC1-5D0967454942"}, {"criteria": "cpe:2.3:a:orchardproject:orchard:1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2742E7C-826E-4203-9E5F-F366F1A64508"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}