CVE-2019-17629

{"id": "CVE-2019-17629", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2019-10-16T14:15:14.150", "references": [{"url": "http://dev.cmsmadesimple.org/bug/view/12146", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://forum.cmsmadesimple.org/viewforum.php?f=1", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://dev.cmsmadesimple.org/bug/view/12146", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://forum.cmsmadesimple.org/viewforum.php?f=1", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the \"file manager > upload images\" screen."}, {"lang": "es", "value": "CMS Made Simple (CMSMS) versi\u00f3n 2.2.11, permite un ataque de tipo XSS almacenado por parte de un administrador mediante un nombre de archivo de imagen dise\u00f1ado en la pantalla \"file manager ) upload images\"."}], "lastModified": "2024-11-21T04:32:39.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2FF3435-82A1-498B-88AE-B00DE6C31009"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}