CVE-2019-15230

{"id": "CVE-2019-15230", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2019-08-28T17:15:09.747", "references": [{"url": "https://www.sevenlayers.com/index.php/239-librenms-v1-54-xss", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.sevenlayers.com/index.php/239-librenms-v1-54-xss", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account."}, {"lang": "es", "value": "LibreNMS versi\u00f3n v1.54, presenta una vulnerabilidad de tipo XSS en las secciones Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, y Alert Template de la consola de administraci\u00f3n. Esto podr\u00eda conllevar al robo de cookies y otras acciones maliciosas. Esta vulnerabilidad puede ser explotada con una cuenta autenticada."}], "lastModified": "2024-11-21T04:28:15.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:librenms:librenms:1.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8626C43C-CFBE-464B-A22D-3A6DFEFB6F1C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}