CVE-2018-1000512

{"id": "CVE-2018-1000512", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-06-26T16:29:00.960", "references": [{"url": "https://advisories.dxw.com/advisories/xss-in-tooltipy/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://advisories.dxw.com/advisories/xss-in-tooltipy/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1."}, {"lang": "es", "value": "Tooltipy Tooltipy (tooltips for WP) 5 contiene una vulnerabilidad de Cross-Site Scripting (XSS) en el c\u00f3digo corto Glossary que puede resultar en que cualquiera pueda hacer casi las mismas acciones que un administrador. El ataque parece ser explotable mediante un administrador que abra un enlace. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 5.1."}], "lastModified": "2024-11-21T03:40:05.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tooltipy_project:tooltipy:5.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "1E86E1B3-A83E-489B-A372-E5F438915074"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}