CVE-2018-1000856

{"id": "CVE-2018-1000856", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2018-12-20T17:29:00.377", "references": [{"url": "https://github.com/domainmod/domainmod/issues/80", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/domainmod/domainmod/issues/80", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet."}, {"lang": "es", "value": "DomainMOD, en versiones 4.09.03 y siguientes, tambi\u00e9n verificado en la \u00faltima versi\u00f3n (4.11.01), contiene una vulnerabilidad Cross-Site Scripting (XSS) en el campo Segment Name en la p\u00e1gina \"segments\" que puede resultar en que scripts arbitrarios sean ejecutados en todos los navegadores de los usuarios que visiten la p\u00e1gina afectada. El ataque parece ser explotable mediante una v\u00edctima que visite la p\u00e1gina vulnerable. Actualmente, no existe soluci\u00f3n a este problema."}], "lastModified": "2024-11-21T03:40:30.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "616A3026-9B26-4B76-A1C8-ADA0070A8F40", "versionEndIncluding": "4.11.01", "versionStartIncluding": "4.09.03"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}