CVE-2019-11776

{"id": "CVE-2019-11776", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-08-09T19:15:11.063", "references": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546816", "tags": ["Exploit", "Vendor Advisory"], "source": "emo@eclipse.org"}, {"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546816", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context."}, {"lang": "es", "value": "En BIRT de Eclipse versiones 1.0 hasta 4.7, el Visor de Reportes permite un ataque de tipo XSS reflejado en el par\u00e1metro URL. El atacante puede ejecutar la carga \u00fatil en el contexto del navegador de la v\u00edctima."}], "lastModified": "2024-11-21T04:21:46.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:business_intelligence_and_reporting_tools:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CFCA522-FCA5-4EA0-8357-7E89E514C4B6", "versionEndIncluding": "4.7.0", "versionStartIncluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}