CVE-2019-14770

{"id": "CVE-2019-14770", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-08-08T02:15:11.100", "references": [{"url": "https://backdropcms.org/security/backdrop-sa-core-2019-010", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://backdropcms.org/security/backdrop-sa-core-2019-010", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.)"}, {"lang": "es", "value": "En CMS de Backdrop versiones 1.12.x anteriores a 1.12.8 y versiones 1.13.x anteriores a 1.13.3, algunos enlaces de men\u00fa dentro de la barra de administraci\u00f3n pueden ser dise\u00f1ados para ejecutar JavaScript cuando el administrador inicia sesi\u00f3n y usa la funcionalidad search. (Este problema es mitigado por el atacante necesitando permisos para crear enlaces de men\u00fa administrativo, tal y como la creaci\u00f3n de un tipo de contenido o dise\u00f1o. Tales permisos est\u00e1n restringidos usualmente para usuarios confiables o administrativos)."}], "lastModified": "2024-11-21T04:27:18.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:backdropcms:backdrop_core:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DD13689-CB4A-423E-9E68-FFDCF102623D", "versionEndExcluding": "1.12.8", "versionStartIncluding": "1.12.0"}, {"criteria": "cpe:2.3:a:backdropcms:backdrop_core:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F448765-5F16-4C90-B248-3F6D75C86661", "versionEndExcluding": "1.13.3", "versionStartIncluding": "1.13.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}