CVE-2018-11680

{"id": "CVE-2018-11680", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-06-02T12:29:00.287", "references": [{"url": "http://www.8sec.cc/archives/619", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.8sec.cc/archives/619", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate."}, {"lang": "es", "value": "Se ha descubierto un problema en CmsEasy 6.1_20180508. Hay una vulnerabilidad Cross-Site Request Forgery (CSRF) en el editor de texto enriquecido que puede a\u00f1adir un elemento IFRAME. Esto podr\u00eda ser empleado en un ataque de denegaci\u00f3n de servicio (DoS) si una URL referenciada remota se actualiza a una tasa r\u00e1pida."}], "lastModified": "2024-11-21T03:43:48.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cmseasy:cmseasy:6.0:20180508:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4D2C2AC-0779-4E94-A08B-B349FEBAB300"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}