admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-156xx/CVE-2018-15641.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

146 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2018-15641",
"sourceIdentifier": "security@odoo.com",
"published": "2020-12-22T17:15:12.940",
"lastModified": "2020-12-22T19:40:37.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes."
},
{
"lang": "es",
"value": "Un problema de tipo cross-site scripting (XSS) en el m\u00f3dulo web en Odoo Community versiones 11.0 hasta 14.0 y Odoo Enterprise versiones 11.0 hasta 14.0, permite a usuarios internos autenticados remotos inyectar un script web arbitrario en el navegador de una v\u00edctima por medio de atributos de eventos de calendario dise\u00f1ados"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@odoo.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.5
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@odoo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:*",
"versionStartIncluding": "11.0",
"versionEndIncluding": "14.0",
"matchCriteriaId": "4ED3084D-DF4C-486F-A161-ADCC24FF61F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "11.0",
"versionEndIncluding": "14.0",
"matchCriteriaId": "EBE9D00C-0BB2-4086-B6E3-C5AEC39070C1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/odoo/odoo/issues/63704",
"source": "security@odoo.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink