CVE-2021-45812

{"id": "CVE-2021-45812", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-12-28T15:15:07.343", "references": [{"url": "https://drive.google.com/drive/folders/18YCKzFnS5CZRmzgcwc8g7jvLpmqgy68B?usp=sharing", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://drive.google.com/drive/folders/18YCKzFnS5CZRmzgcwc8g7jvLpmqgy68B?usp=sharing", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking."}, {"lang": "es", "value": "NUUO Network Video Recorder NVRsolo versi\u00f3n 3.9.1, est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS). Un atacante puede robar la sesi\u00f3n del usuario mediante la inyecci\u00f3n de c\u00f3digos JavaScript maliciosos que conlleva a un secuestro de la sesi\u00f3n"}], "lastModified": "2024-11-21T06:33:05.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nuuo:nvrsolo_firmware:3.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB0489A1-9846-4603-8B57-E92B21231C05"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nuuo:nvrsolo:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E65B459-F53C-4687-9C6A-8D10399F4FC5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}