CVE-2018-18362

{"id": "CVE-2018-18362", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-12-06T19:29:00.230", "references": [{"url": "http://www.securityfocus.com/bid/106055", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@symantec.com"}, {"url": "https://support.symantec.com/en_US/article.SYMSA1470.html", "tags": ["Vendor Advisory"], "source": "secure@symantec.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy."}, {"lang": "es", "value": "Norton Password Manager para Android (anteriormente Norton Identity Safe) podr\u00eda ser susceptible a un exploit Cross-Site Scripting (XSS), que es un tipo de problema que puede permitir que los atacantes inyecten scripts del lado del cliente en p\u00e1ginas web visualizadas por otros usuarios. Podr\u00eda emplearse una vulnerabilidad Cross-Site Scripting (XSS) para omitir los controles de acceso como la pol\u00edtica same-origin."}], "lastModified": "2019-01-02T19:32:09.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:norton_password_manager:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "C11AE531-A018-4F21-B899-8B8C6E52E916", "versionEndExcluding": "6.1.0.1045"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}