CVE-2017-1000508

{"id": "CVE-2017-1000508", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-02-09T23:29:00.290", "references": [{"url": "https://github.com/InvoicePlane/InvoicePlane/pull/557", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/InvoicePlane/InvoicePlane/pull/557/commits/3fc256ccef403f5be9982f02ef340d9e01daabb2", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5 and later."}, {"lang": "es", "value": "Invoice Plane, en versiones 1.5.4 y anteriores, contiene una vulnerabilidad de Cross Site Scripting (XSS) en los detalles de cliente que puede resultar en la ejecuci\u00f3n de c\u00f3digo JavaScript. Parece ser que la vulnerabilidad se ha solucionado en la versi\u00f3n 1.5.5 y siguientes."}], "lastModified": "2018-02-26T21:02:20.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:invoiceplane:invoiceplane:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "961CB40E-AD09-4BEF-A451-6FA2114527EB", "versionEndIncluding": "1.5.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}