CVE-2009-1614

{"id": "CVE-2009-1614", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-05-11T20:30:00.297", "references": [{"url": "http://secunia.com/advisories/34943", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/8577", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados(XSS) en Leap CMS v0.1.4 permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a trav\u00e9s de (1) el par\u00e1metro msg (alias el mensaje a un comentario de un art\u00edculo) o (2) el par\u00e1metro searchterm (alias el formulario de b\u00fasqueda). NOTA: Algunos de estos detalles se obtienen a partir de informaci\u00f3n de terceros."}], "lastModified": "2017-09-29T01:34:27.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gowondesigns:leap:0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E611E6C-54F9-4A63-95BE-104F2D8B7F6E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}