CVE-2018-8046

{"id": "CVE-2018-8046", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-07-05T20:29:00.807", "references": [{"url": "http://examples.sencha.com/extjs/6.6.0/release-notes.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2018/Jul/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data."}, {"lang": "es", "value": "El m\u00e9todo getTip() de Action Columns de Sencha Ext JS de la versi\u00f3n 4 a la 6 antes de la 6.6.0 es vulnerable a ataques de Cross-Site Scripting (XSS), incluso cuando se pasan datos escapados por HTML. Este framework no aporta protecci\u00f3n XSS integrada, por lo que el desarrollador debe asegurarse de que los datos se sanean correctamente. Sin embargo, el m\u00e9todo getTip() de Action Columns toma los datos escapados por HTML y los \"desescapa\". Si el tooltip contiene datos controlados por el usuario, un atacante podr\u00eda explotar esto para crear un ataque de Cross-Site Scripting (XSS), incluso aunque los desarrolladores hayan tomado precauciones y escapado los datos."}], "lastModified": "2018-09-04T18:38:37.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sencha:ext_js:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "152EEECB-8FF9-40CA-8B82-CB6E6690DA55", "versionEndExcluding": "6.6.0", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}