CVE-2018-16248

{"id": "CVE-2018-16248", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-06-20T16:15:11.133", "references": [{"url": "https://github.com/b3log/solo/issues/12489", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/b3log/solo/issues/12489", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "b3log Solo 2.9.3 has XSS in the Input page under the \"Publish Articles\" menu with an ID of \"articleTags\" stored in the \"tag\" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request."}, {"lang": "es", "value": "b3log Solo versi\u00f3n 2.9.3 presenta XSS en la p\u00e1gina Input bajo el men\u00fa \"Publish Articles\" con un ID de \"articleTags\" almacenadas en el campo JSON \"tag\", que permite a los atacantes remotos inyectar script web o HTML arbitrario arbitrarios por medio de un nombre de sitio minuciosamente creado en una petici\u00f3n HTTP autenticada por el administrador."}], "lastModified": "2024-11-21T03:52:22.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:b3log:solo:2.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1F6960C-59DE-481B-BB34-05A85F501385"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}