nvd-json-data-feeds/CVE-2022/CVE-2022-285xx/CVE-2022-28586.json

{
  "id": "CVE-2022-28586",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-04-25T13:15:49.773",
  "lastModified": "2022-05-03T19:44:15.957",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo XSS en la p\u00e1gina de edici\u00f3n de Hoosk 1.8.0 permite al atacante ejecutar c\u00f3digo javascript en el navegador del usuario por medio de la p\u00e1gina de edici\u00f3n con la carga \u00fatil XSS omitiendo el filtro de algunos caracteres especiales"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:hoosk:hoosk:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "82154F24-2E08-490F-8040-1E8D19AD554C"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/havok89/Hoosk/issues/63",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ]
    }
  ]
}