CVE-2018-1000841

{"id": "CVE-2018-1000841", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-12-20T15:29:01.923", "references": [{"url": "https://zend.to/changelog.php", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://zend.to/changelog.php", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta."}, {"lang": "es", "value": "Zend.To, en versiones anteriores a la 5.15-1, contiene una vulnerabilidad Cross Site Scripting (XSS) en la p\u00e1gina verify.php que puede resultar en que un atacante podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en el contexto del navegador de la v\u00edctima. Este ataque parece ser explotable mediante una petici\u00f3n HTTP POST. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 5.16-1 Beta."}], "lastModified": "2024-11-21T03:40:28.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zend:zendto:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA2C007B-7AF2-4130-9343-E38DEE8DB6B9", "versionEndExcluding": "5.15-1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}