admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-279xx/CVE-2021-27945.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

116 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-27945",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-04-08T17:15:13.237",
"lastModified": "2024-11-21T05:58:53.087",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability affecting versions 2.0.0 up to and including 3.2.4. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content. The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes."
},
{
"lang": "es",
"value": "Squirro Insights Engine est\u00e1 afectado por una vulnerabilidad Cross-Site Scripting (XSS) Reflejado que afecta a versiones 2.0.0 hasta la 3.2.4 incluy\u00e9ndola. Un atacante puede utilizar la vulnerabilidad para inyectar c\u00f3digo JavaScript malicioso en la aplicaci\u00f3n, que ser\u00e1 ejecutado en el navegador de cualquier usuario que visualice el contenido relevante de la aplicaci\u00f3n. El c\u00f3digo suministrado por el atacante puede llevar a cabo una amplia variedad de acciones, tal y como robar los tokens de sesi\u00f3n de las v\u00edctimas o las credenciales de inicio de sesi\u00f3n, llevando a cabo acciones arbitrarias en su nombre y registrar sus pulsaciones de teclas"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squirro:squirro:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "0F78C6B4-5F4F-428D-BF19-9DF7E3B8AE27"
}
]
}
]
}
],
"references": [
{
"url": "https://squirro.atlassian.net/wiki/spaces/DOC/pages/2389672672/CVE-2021-27945+-+Cross-Site+Scripting",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://squirro.atlassian.net/wiki/spaces/DOC/pages/2389672672/CVE-2021-27945+-+Cross-Site+Scripting",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink