CVE-2018-20328

{"id": "CVE-2018-20328", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2018-12-21T06:29:00.533", "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/5e61c2b0fcc938ca687b8d4e593b1500aa52a034", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-32-2018-11-28-Low-risk-More-XSS-and-path-disclosure-issues", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered \"low risk\" due to the nature of the feature it exploits."}, {"lang": "es", "value": "Chamilo LMS 1.11.8 contiene Cross-Site Scripting (XSS) en main/social/group_view.php en la herramienta de grupos sociales, lo que permite que usuarios autenticados afecten a otros usuarios en condiciones espec\u00edficas de permisos otorgados por los administradores. Se considera que esto tiene un \"riesgo bajo\" debido a la naturaleza de la caracter\u00edstica que explota."}], "lastModified": "2019-01-07T13:37:16.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.11.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F7D15FF-5009-4F3B-B583-DD75E5F9B82D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}