CVE-2017-10975

{"id": "CVE-2017-10975", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-07-06T14:29:00.183", "references": [{"url": "https://framagit.org/luc/lutim/issues/40", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en Lutim anterior a versi\u00f3n 0.8, podr\u00eda permitir a atacantes remotos inyectar un script web o HTML arbitrario por medio de un nombre de archivo creado de manera inapropiada en una notificaci\u00f3n de carga y en el componente myfiles, si el atacante puede convencer a la v\u00edctima para proceder con una carga a pesar de la aparici\u00f3n de una carga \u00fatil XSS en el nombre del archivo."}], "lastModified": "2017-07-17T17:40:33.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lutim_project:lutim:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C564716-0F30-4D11-BAD3-58C6CC5C1D84", "versionEndIncluding": "0.7.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}