nvd-json-data-feeds/CVE-2018/CVE-2018-163xx/CVE-2018-16358.json

{
  "id": "CVE-2018-16358",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-09-02T22:29:00.600",
  "lastModified": "2018-10-24T15:17:13.960",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad Cross-Site Scripting (XSS) en inc/core/class.dc.core.php en el gestor multimedia en Dotclear hasta la versi\u00f3n 2.14.1 permite que usuarios autenticados remotos suban contenido HTML que contiene una carga \u00fatil (payload) XSS con la extensi\u00f3n de archivo .ahtml."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.5
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "2.14.1",
              "matchCriteriaId": "79722386-0370-415D-9612-8716A1BAC357"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://hg.dotclear.org/dotclear/rev/d4841d6d65d6",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2018-16358",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2018-09-02T22:29:00.600",`
			`"lastModified": "2018-10-24T15:17:13.960",`
			`"vulnStatus": "Analyzed",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Una vulnerabilidad Cross-Site Scripting (XSS) en inc/core/class.dc.core.php en el gestor multimedia en Dotclear hasta la versi\u00f3n 2.14.1 permite que usuarios autenticados remotos suban contenido HTML que contiene una carga \u00fatil (payload) XSS con la extensi\u00f3n de archivo .ahtml."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV30": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.0",`
			`"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "REQUIRED",`
			`"scope": "CHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.4,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.3,`
			`"impactScore": 2.7`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "MEDIUM",`
			`"authentication": "SINGLE",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "PARTIAL",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 3.5`
			`},`
			`"baseSeverity": "LOW",`
			`"exploitabilityScore": 6.8,`
			`"impactScore": 2.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": true`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-79"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:dotclear:dotclear::::::::",`
			`"versionEndIncluding": "2.14.1",`
			`"matchCriteriaId": "79722386-0370-415D-9612-8716A1BAC357"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://hg.dotclear.org/dotclear/rev/d4841d6d65d6",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
			`}`
			`]`
			`}`