Merge branch 'master' of github.com:CVEProject/cvelist

2025-06-08 05:58:08 +00:00 · 2018-11-06 13:40:53 -05:00 · 2018-11-06 13:40:53 -05:00 · 8a07119429
commit 8a07119429
parent 8f0b0fd53c 0d043b0312
1 changed files with 46 additions and 3 deletions
--- a/2018/17xxx/CVE-2018-17184.json
+++ b/2018/17xxx/CVE-2018-17184.json
@ -1,8 +1,32 @@
 {
   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "security@apache.org",
      "DATE_PUBLIC" : "2018-11-06T00:00:00",
      "ID" : "CVE-2018-17184",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Apache Syncope",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "Apache Syncope releases prior to 2.0.11 and 2.1.2"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Apache Software Foundation"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,7 +35,26 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Information Disclosure"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "url" : "https://syncope.apache.org/security#CVE-2018-17184:_Stored_XSS"
         }
      ]
   }