CVE-2018-11348

{"id": "CVE-2018-11348", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2018-12-04T17:29:00.353", "references": [{"url": "https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulnerabilities/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session."}, {"lang": "es", "value": "Existen dos vulnerabilidades Cross-Site Scripting (XSS) en la p\u00e1gina de edici\u00f3n de perfil del panel de usuario de la aplicaci\u00f3n web YunoHost, desde la versi\u00f3n 2.7.2 hasta la 2.7.4. Mediante la inyecci\u00f3n de una carga \u00fatil JavaScript, estos errores podr\u00edan emplearse para manipular la sesi\u00f3n de un usuario."}], "lastModified": "2018-12-27T16:25:56.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:yunohost:yunohost:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A92861F7-C36C-4B05-9193-53E71F630708", "versionEndIncluding": "2.7.14", "versionStartIncluding": "2.7.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}