mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
122 lines
5.1 KiB
JSON
122 lines
5.1 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2018-25086",
|
|
"ASSIGNER": "cna@vuldb.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The patch is named c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235."
|
|
},
|
|
{
|
|
"lang": "deu",
|
|
"value": "Es wurde eine Schwachstelle in sea75300 FanPress CM bis 3.6.3 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft die Funktion getArticlesPreview der Datei inc/controller/action/system/templatepreview.php der Komponente Template Preview. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 3.6.4 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c380d343c2107fcee55ab00eb8d189ce5e03369b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-79 Cross Site Scripting",
|
|
"cweId": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "sea75300",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "FanPress CM",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.6.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.6.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.6.2"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.6.3"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://vuldb.com/?id.230235",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?id.230235"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?ctiid.230235",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?ctiid.230235"
|
|
},
|
|
{
|
|
"url": "https://github.com/sea75300/fanpresscm3/commit/c380d343c2107fcee55ab00eb8d189ce5e03369b",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/sea75300/fanpresscm3/commit/c380d343c2107fcee55ab00eb8d189ce5e03369b"
|
|
},
|
|
{
|
|
"url": "https://github.com/sea75300/fanpresscm3/releases/tag/v3.6.4",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/sea75300/fanpresscm3/releases/tag/v3.6.4"
|
|
}
|
|
]
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "VulDB GitHub Commit Analyzer"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"baseScore": 3.5,
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
|
|
"baseSeverity": "LOW"
|
|
},
|
|
{
|
|
"version": "3.0",
|
|
"baseScore": 3.5,
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
|
|
"baseSeverity": "LOW"
|
|
},
|
|
{
|
|
"version": "2.0",
|
|
"baseScore": 4,
|
|
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
|
|
}
|
|
]
|
|
}
|
|
} |