
{
"id": "CVE-2022-25620",
"sourceIdentifier": "cve@profelis.com.tr",
"published": "2022-03-30T15:15:08.377",
"lastModified": "2024-11-21T06:52:27.457",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to cause the execution of arbitrary code on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Neutralizaci\u00f3n inapropiada de las etiquetas HTML relacionadas con los scripts en una p\u00e1gina web (XSS b\u00e1sico) en la funcionalidad Group de Profelis IT Consultancy SambaBox permite al usuario AUTENTICADO causar la ejecuci\u00f3n de c\u00f3digos arbitrarios en el servidor vulnerable. Este problema afecta a: Profelis IT Consultancy SambaBox versi\u00f3n 4.0 versiones 4.0 y anteriores en x86"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@profelis.com.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 3.8,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 0.3,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"baseScore": 3.5,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "cve@profelis.com.tr",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:profelis:sambabox:*:*:*:*:*:*:x86:*",
"versionEndIncluding": "4.0",
"matchCriteriaId": "72B249F6-F5DA-4809-AF06-D5071D3A04D3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.sambabox.io/sambabox-surum-4-0/",
"source": "cve@profelis.com.tr",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.sambabox.io/sambabox-surum-4-0/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}