admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-08-12 02:57:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-79xx/CVE-2019-7908.json
cad-safe-bot bc4d10da48 Auto-Update: 2024-11-23T11:07:34.152052+00:00
2024-11-23 11:10:51 +00:00

127 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-7908",
"sourceIdentifier": "psirt@adobe.com",
"published": "2019-08-02T22:15:17.613",
"lastModified": "2024-11-21T04:48:56.600",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de tipo cross-site scripting almacenado en el panel de administraci\u00f3n de Magento versiones 2.1 anteriores a 2.1.18, Magento versiones 2.2 anteriores a 2.2.9, Magento versiones 2.3 anteriores a 2.3.2. Esto podr\u00eda ser explotado por un usuario autenticado con privilegios para modificar la informaci\u00f3n de producto."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"baseScore": 3.5,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.1.18",
"matchCriteriaId": "DE066118-96FB-423F-B962-F904ACD6340C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.2.9",
"matchCriteriaId": "C7822059-9FC0-45E5-826B-4DF2AB07F2BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*",
"versionStartIncluding": "2.3.0",
"versionEndExcluding": "2.3.2",
"matchCriteriaId": "6B8C5A27-2957-4373-B0FE-8C7585B4B04E"
}
]
}
]
}
],
"references": [
{
"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink