cvelist/2018/15xxx/CVE-2018-15613.json

{
    "CVE_data_meta": {
        "ASSIGNER": "securityalerts@avaya.com",
        "ID": "CVE-2018-15613",
        "STATE": "PUBLIC",
        "TITLE": "Orchestration Designer Runtime Config XSS"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Orchestration Designer",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "All versions up to 7.2.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Avaya"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://downloads.avaya.com/css/P8/documents/101052293",
                "refsource": "CONFIRM",
                "url": "https://downloads.avaya.com/css/P8/documents/101052293"
            }
        ]
    },
    "source": {
        "advisory": "ASA-2018-278"
    }
}
- Synchronized data. 2018-08-21 11:06:54 -04:00			`{`
"-Synchronized-Data." 2019-03-18 03:33:44 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "securityalerts@avaya.com",`
			`"ID": "CVE-2018-15613",`
			`"STATE": "PUBLIC",`
			`"TITLE": "Orchestration Designer Runtime Config XSS"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Orchestration Designer",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "All versions up to 7.2.1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Avaya"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
Initial public release of CVE-2018-15612 and CVE-2018-15613 for ASA-2018-278 2018-09-21 09:51:46 -06:00			`{`
"-Synchronized-Data." 2019-03-18 03:33:44 +00:00			`"lang": "eng",`
			`"value": "A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1."`
Initial public release of CVE-2018-15612 and CVE-2018-15613 for ASA-2018-278 2018-09-21 09:51:46 -06:00			`}`
"-Synchronized-Data." 2019-03-18 03:33:44 +00:00			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.3,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "CHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://downloads.avaya.com/css/P8/documents/101052293",`
			`"refsource": "CONFIRM",`
			`"url": "https://downloads.avaya.com/css/P8/documents/101052293"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "ASA-2018-278"`
			`}`
			`}`