CVE-2018-5479

{"id": "CVE-2018-5479", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-01-15T16:29:00.190", "references": [{"url": "https://www.exploit-db.com/exploits/43567/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed."}, {"lang": "es", "value": "FoxSash ImgHosting 1.5 (seg\u00fan la informaci\u00f3n del pie de p\u00e1gina) es vulnerable a ataques de XSS. La funci\u00f3n afectada es su motor de b\u00fasqueda mediante el par\u00e1metro search en el URI por defecto. Debido a que hay una interfaz de inicio de sesi\u00f3n user/admin, es posible que los atacantes roben la sesi\u00f3n de los usuarios y los admin(s). Se ejecutar\u00e1 c\u00f3digo por medio del env\u00edo de una URL infectada a los usuarios."}], "lastModified": "2018-02-05T14:24:49.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxsash:imghosting:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B59F27A7-D8DB-42B7-BD88-C1A6F81CA9C4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}