CVE-2018-1000559

{"id": "CVE-2018-1000559", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-06-26T16:29:02.930", "references": [{"url": "https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/qutebrowser/qutebrowser/commit/5a7869f2feaa346853d2a85413d6527c87ef0d9f", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/qutebrowser/qutebrowser/issues/4011", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted <title> attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week)."}, {"lang": "es", "value": "La versi\u00f3n de qutebrowser introducida en v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contiene una vulnerabilidad Cross-Site Scripting (XSS) en el comando history en la p\u00e1gina qute://history, que puede resultar en que una p\u00e1gina web puede robar el historial de navegaci\u00f3n del usuario mediante la inyecci\u00f3n de c\u00f3digo JavaScript. Este ataque parece ser explotable si la v\u00edctima abre una p\u00e1gina con un atributo especialmente manipulado y luego abre el sitio qute://history mediante el comando :history. La vulnerabilidad parece estar solucionada en la versi\u00f3n 1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7 que se publicar\u00e1 hoy) y la 1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, publicado despu\u00e9s en esta semana)."}], "lastModified": "2018-08-31T13:19:43.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qutebrowser:qutebrowser:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFB39485-955C-49D9-B865-88A021261DEE", "versionEndExcluding": "1.3.3", "versionStartIncluding": "0.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}