CVE-2017-9072

{"id": "CVE-2017-9072", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-05-18T17:29:00.117", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/102632", "source": "cve@mitre.org"}, {"url": "https://github.com/victorwon/calendarxp/issues/2", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm."}, {"lang": "es", "value": "Dos productos CalendarXP presentan un problema de tipo XSS en partes comunes de archivos HTML. CalendarXP FlatCalendarXP hasta versi\u00f3n 9.9.290, presenta un XSS en los archivos iflateng.htm y nflateng.htm. CalendarXP PopCalendarXP hasta versi\u00f3n 9.8.308, presenta un XSS en los archivos ipopeng.htm y npopeng.htm."}], "lastModified": "2018-01-18T18:18:12.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:calendarxp:flatcalendarxp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D25067B4-08DC-4113-89D8-42891466C508", "versionEndIncluding": "9.9.290"}, {"criteria": "cpe:2.3:a:calendarxp:popcalendarxp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "762D9C64-6108-41BC-A2A7-73DAC50809CF", "versionEndIncluding": "9.8.308"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}