CVE-2017-5241

{"id": "CVE-2017-5241", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2017-06-28T13:29:00.187", "references": [{"url": "http://www.securityfocus.com/bid/99341", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@rapid7.com"}, {"url": "https://community.rapid7.com/community/infosec/blog/2017/06/27/r7-2017-06-biscom-sftp-xss-cve-2017-5241", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@rapid7.com"}, {"url": "https://cve.biscom.com/bis-sft-cv-003/", "source": "cve@rapid7.com"}, {"url": "http://www.securityfocus.com/bid/99341", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://community.rapid7.com/community/infosec/blog/2017/06/27/r7-2017-06-biscom-sftp-xss-cve-2017-5241", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cve.biscom.com/bis-sft-cv-003/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the \"Name\" and \"Description\" fields of a Workspace, as well as the \"Description\" field of a File Details pane of a file stored in a Workspace. This issue has been resolved in version 5.1.1025."}, {"lang": "es", "value": "Las versiones de Biscom Secure File Transfer 5.0.0.0 a 5.1.1024 son vulnerables a las secuencias cross-site scripting (XSS) persistentes posteriores a la autenticaci\u00f3n (XSS) en los campos \"Name\" y \"Descripci\u00f3n\" de un \u00e1rea de trabajo, as\u00ed como el campo \"Description\" de un Panel Detalles de archivo de un archivo almacenado en un espacio de trabajo. Este problema se resolvi\u00f3 en la versi\u00f3n 5.1.1025."}], "lastModified": "2024-11-21T03:27:21.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:biscom:secure_file_transfer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9ECA38F-FE81-49EF-9B5C-58FBB19AE94F", "versionEndIncluding": "5.1.1015"}], "operator": "OR"}]}], "sourceIdentifier": "cve@rapid7.com"}