admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-05-14 09:04:53 -04:00
parent ac52e33ca2
commit ba1e7660a5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
18 changed files with 1168 additions and 1074 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
2017/16xxx/CVE-2017-16860.json
View File

@ -1,77 +1,79 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-05-14T00:00:00",
"ID": "CVE-2017-16860",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-05-14T00:00:00",
"ID" : "CVE-2017-16860",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Application Links",
"version": {
"version_data": [
"product_name" : "Application Links",
"version" : {
"version_data" : [
{
"version_value": "5.2.7",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "5.2.7"
},
{
"version_value": "5.3.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "5.3.0"
},
{
"version_value": "5.3.4",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "5.3.4"
},
{
"version_value": "5.4.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "5.4.0"
},
{
"version_value": "5.4.3",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "5.4.3"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message."
"lang" : "eng",
"value" : "The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://ecosystem.atlassian.net/browse/APL-1363"
"name" : "https://ecosystem.atlassian.net/browse/APL-1363",
"refsource" : "CONFIRM",
"url" : "https://ecosystem.atlassian.net/browse/APL-1363"
}
]
}

129
2018/0xxx/CVE-2018-0568.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt"
},
{
"url": "http://jvn.jp/en/jp/JVN95589314/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Joruri Gw Ver 3.2.0 and earlier"
}
]
},
"product_name": "Joruri Gw"
}
]
},
"vendor_name": "SiteBridge Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0568",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Joruri Gw",
"version" : {
"version_data" : [
{
"version_value" : "Joruri Gw Ver 3.2.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "SiteBridge Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt",
"refsource" : "MISC",
"url" : "https://github.com/joruri/joruri-gw/blob/master/doc/INSTALL.txt"
},
{
"name" : "JVN#95589314",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN95589314/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0576.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/events-manager/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN85531148/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Events Manager prior to version 5.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 5.9"
}
]
},
"product_name": "Events Manager"
}
]
},
"vendor_name": "NetWebLogic"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0576",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0576",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Events Manager",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 5.9"
}
]
}
}
]
},
"vendor_name" : "NetWebLogic"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/events-manager/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/events-manager/#developers"
},
{
"name" : "JVN#85531148",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN85531148/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0577.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-google-map-plugin/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN01040170/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 4.0.4"
}
]
},
"product_name": "WP Google Map Plugin"
}
]
},
"vendor_name": "Flipper Code"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0577",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WP Google Map Plugin",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 4.0.4"
}
]
}
}
]
},
"vendor_name" : "Flipper Code"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/wp-google-map-plugin/#developers"
},
{
"name" : "JVN#01040170",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN01040170/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0578.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/pixelyoursite/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN61081552/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in PixelYourSite prior to version 5.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 5.3.0"
}
]
},
"product_name": "PixelYourSite"
}
]
},
"vendor_name": "Minimal Work SRL"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0578",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PixelYourSite",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 5.3.0"
}
]
}
}
]
},
"vendor_name" : "Minimal Work SRL"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/pixelyoursite/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/pixelyoursite/#developers"
},
{
"name" : "JVN#61081552",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN61081552/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0579.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN08386386/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags prior to version 2.2.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 2.2.4.1"
}
]
},
"product_name": "Open Graph for Facebook, Google+ and Twitter Card Tags"
}
]
},
"vendor_name": "Webdados"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0579",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0579",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Open Graph for Facebook, Google+ and Twitter Card Tags",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 2.2.4.1"
}
]
}
}
]
},
"vendor_name" : "Webdados"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags/#developers"
},
{
"name" : "JVN#08386386",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN08386386/index.html"
}
]
}
}

134
2018/0xxx/CVE-2018-0580.json
View File

@ -1,62 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "http://www.clipstudio.net/en/dl"
},
{
"url": "https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "(CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49)"
}
]
},
"product_name": "CLIP STUDIO series"
}
]
},
"vendor_name": "CELSYS, Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0580",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "CLIP STUDIO series",
"version" : {
"version_data" : [
{
"version_value" : "(CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49)"
}
]
}
}
]
},
"vendor_name" : "CELSYS, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.clipstudio.net/en/dl",
"refsource" : "MISC",
"url" : "http://www.clipstudio.net/en/dl"
},
{
"name" : "https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win",
"refsource" : "MISC",
"url" : "https://www.clip-studio.com/clip_site/download/clipstudioaction/csaupdater/index_win"
},
{
"name" : "JVN#68345747",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN68345747/"
}
]
}
}

129
2018/0xxx/CVE-2018-0581.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/"
},
{
"url": "http://jvn.jp/en/jp/JVN33901663/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.4.378.9383"
}
]
},
"product_name": "RT-AC87U"
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0581",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "RT-AC87U",
"version" : {
"version_data" : [
{
"version_value" : "Firmware version prior to 3.0.0.4.378.9383"
}
]
}
}
]
},
"vendor_name" : "ASUS Japan Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/",
"refsource" : "MISC",
"url" : "https://www.asus.com/Networking/RTAC87U/HelpDesk_BIOS/"
},
{
"name" : "JVN#33901663",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN33901663/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0582.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
},
{
"url": "http://jvn.jp/en/jp/JVN73742314/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.4.380.1031"
}
]
},
"product_name": "RT-AC68U"
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0582",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "RT-AC68U",
"version" : {
"version_data" : [
{
"version_value" : "Firmware version prior to 3.0.0.4.380.1031"
}
]
}
}
]
},
"vendor_name" : "ASUS Japan Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/",
"refsource" : "MISC",
"url" : "https://www.asus.com/Networking/RTAC68U/HelpDesk_BIOS/"
},
{
"name" : "JVN#73742314",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN73742314/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0583.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/"
},
{
"url": "http://jvn.jp/en/jp/JVN34562916/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "Firmware version prior to 3.0.0.4.380.4180"
}
]
},
"product_name": "RT-AC1200HP"
}
]
},
"vendor_name": "ASUS Japan Inc."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0583",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0583",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "RT-AC1200HP",
"version" : {
"version_data" : [
{
"version_value" : "Firmware version prior to 3.0.0.4.380.4180"
}
]
}
}
]
},
"vendor_name" : "ASUS Japan Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/",
"refsource" : "MISC",
"url" : "https://www.asus.com/Networking/RTAC1200HP/HelpDesk_BIOS/"
},
{
"name" : "JVN#34562916",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN34562916/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0585.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Ultimate Member prior to version 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 2.0.4"
}
]
},
"product_name": "Ultimate Member"
}
]
},
"vendor_name": "Ultimate Member"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0585",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Ultimate Member",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 2.0.4"
}
]
}
}
]
},
"vendor_name" : "Ultimate Member"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/ultimate-member/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"name" : "JVN#28804532",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0586.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the shortcodes function of Ultimate Member prior to version 2.0.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 2.0.4"
}
]
},
"product_name": "Ultimate Member"
}
]
},
"vendor_name": "Ultimate Member"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0586",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Ultimate Member",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 2.0.4"
}
]
}
}
]
},
"vendor_name" : "Ultimate Member"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/ultimate-member/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"name" : "JVN#28804532",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0587.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in Ultimate Member prior to version 2.0.4 allows remote authenticated users to upload arbitrary image files via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 2.0.4"
}
]
},
"product_name": "Ultimate Member"
}
]
},
"vendor_name": "Ultimate Member"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0587",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Ultimate Member",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 2.0.4"
}
]
}
}
]
},
"vendor_name" : "Ultimate Member"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/ultimate-member/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"name" : "JVN#28804532",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0588.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the AJAX function of Ultimate Member prior to version 2.0.4 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 2.0.4"
}
]
},
"product_name": "Ultimate Member"
}
]
},
"vendor_name": "Ultimate Member"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0588",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Ultimate Member",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 2.0.4"
}
]
}
}
]
},
"vendor_name" : "Ultimate Member"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/ultimate-member/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"name" : "JVN#28804532",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0589.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ultimate Member prior to version 2.0.4 allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 2.0.4"
}
]
},
"product_name": "Ultimate Member"
}
]
},
"vendor_name": "Ultimate Member"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0589",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Ultimate Member",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 2.0.4"
}
]
}
}
]
},
"vendor_name" : "Ultimate Member"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/ultimate-member/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"name" : "JVN#28804532",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
}
}

129
2018/0xxx/CVE-2018-0590.json
View File

@ -1,62 +1,67 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"url": "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ultimate Member prior to version 2.0.4 allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "prior to version 2.0.4"
}
]
},
"product_name": "Ultimate Member"
}
]
},
"vendor_name": "Ultimate Member"
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0590",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Ultimate Member",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 2.0.4"
}
]
}
}
]
},
"vendor_name" : "Ultimate Member"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to modify the other users profiles via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/ultimate-member/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/ultimate-member/#developers"
},
{
"name" : "JVN#28804532",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN28804532/index.html"
}
]
}
}

134
2018/0xxx/CVE-2018-0591.json
View File

@ -1,62 +1,72 @@
{
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass&hl=en"
},
{
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
},
"product_name": "KINEPASS App"
}
]
},
"vendor_name": "T-JOY CO.,LTD."
}
]
}
},
"CVE_data_meta": {
"ID": "CVE-2018-0591",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
}
}
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "KINEPASS App",
"version" : {
"version_data" : [
{
"version_value" : "for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier"
}
]
}
}
]
},
"vendor_name" : "T-JOY CO.,LTD."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to verify SSL certificates"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8",
"refsource" : "MISC",
"url" : "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
},
{
"name" : "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass&hl=en",
"refsource" : "MISC",
"url" : "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass&hl=en"
},
{
"name" : "JVN#83671755",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN83671755/"
}
]
}
}

88
2018/5xxx/CVE-2018-5230.json
View File

@ -1,85 +1,87 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-05-11T00:00:00",
"ID": "CVE-2018-5230",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-05-11T00:00:00",
"ID" : "CVE-2018-5230",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Jira",
"version": {
"version_data": [
"product_name" : "Jira",
"version" : {
"version_data" : [
{
"version_value": "7.6.6",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.6.6"
},
{
"version_value": "7.7.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.7.0"
},
{
"version_value": "7.7.4",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.7.4"
},
{
"version_value": "7.8.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.8.0"
},
{
"version_value": "7.8.4",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.8.4"
},
{
"version_value": "7.9.0",
"version_affected": ">="
"version_affected" : ">=",
"version_value" : "7.9.0"
},
{
"version_value": "7.9.2",
"version_affected": "<"
"version_affected" : "<",
"version_value" : "7.9.2"
}
]
}
}
]
},
"vendor_name": "Atlassian"
"vendor_name" : "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified."
"lang" : "eng",
"value" : "The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-67289"
"name" : "https://jira.atlassian.com/browse/JRASERVER-67289",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-67289"
}
]
}