CVE-2018-1000642

{"id": "CVE-2018-1000642", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-08-20T19:31:37.777", "references": [{"url": "https://0dd.zone/2018/08/05/FlightAirMap-Reflected-XSS/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Ysurac/FlightAirMap/issues/410", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3."}, {"lang": "es", "value": "FlightAirMap en versiones v1.0-beta.21 y anteriores contiene una vulnerabilidad Cross-Site Scripting (XSS) en la variable GET utilizada en el submen\u00fa de la p\u00e1gina de registro, lo que puede provocar acciones no autorizadas y el acceso a datos, robando informaci\u00f3n de sesi\u00f3n. La vulnerabilidad parece haber sido solucionada tras el commit con ID 22b09a3."}], "lastModified": "2018-10-19T17:26:53.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flightairmap:flightairmap:0.1:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB6007F3-E745-42EC-B283-BE3C3AA9E2D8"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:0.2:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C308E338-FE82-4044-A269-EF14885083E0"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:0.5:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D42EAC5E-C3E0-422B-8C0B-54A5FF9839D6"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:0.6:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF6AE053-5341-442B-99D9-FF009EE7B107"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "079915C1-C5C0-40F5-B634-F685FEFDBBB9"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D486A54-A2FD-4A88-91FE-0071A0433A4A"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C0325AE-E6EE-42C8-8E8D-284F32B9DE20"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A67F6F4E-AF94-4447-AC60-53D9909FD68E"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "343C0BB3-92C0-4CFB-834F-409D3B274EBA"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D0241E8-0B10-4F06-9713-B76F3A5C40A6"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A09496E-85EB-4B67-B334-089CEC2E7646"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E330E1E-6C8B-4848-B0B5-A4BCED5E9C3D"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EAB5786-60C9-4F70-B37D-989939283E56"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34A900C1-039D-4202-869C-145FD4CE7E7C"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99AB17F-DF9F-44F4-BEFF-CD06DBB6BBC3"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9EE05C5-25D0-47BB-8DC0-1F2566B9BB1C"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFFBF007-782A-4191-A0B3-09FC1D696CF0"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C840237-3B9E-48CB-B30D-515DAA8D1DD4"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0E90C57-4A93-4F64-8A7E-C81234BDDC83"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70F464E7-F170-4DA4-A4E5-B2797A5CB717"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F562B7E7-4CB2-4D00-BAF9-3E05D0B6EF34"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4DE3F8E-90C0-48EA-9180-B38C742F776E"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAD8B924-8E7C-47AB-8C7E-145184A36BA3"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "892A72F6-3789-4741-A0A2-AD9FB871C4CD"}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F66EA5D8-FF0C-4C2B-BDF3-9E3D4E23A396"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}