mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
275 lines
11 KiB
JSON
275 lines
11 KiB
JSON
{
|
|
"id": "CVE-2021-46827",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2022-07-13T05:15:07.237",
|
|
"lastModified": "2022-07-20T14:00:30.887",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se ha detectado un problema en Oxygen XML WebHelp versiones anteriores a 22.1 build 2021082006 y versiones 23.x anteriores a 23.1 build 2021090310. Una vulnerabilidad de tipo XSS en las propuestas de t\u00e9rminos de b\u00fasqueda (en la documentaci\u00f3n en l\u00ednea generada con Oxygen XML WebHelp) permite a atacantes ejecutar JavaScript al convencer a un usuario de que escriba un texto espec\u00edfico en el campo de b\u00fasqueda de la salida de WebHelp"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.1,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 2.7
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "22.1",
|
|
"matchCriteriaId": "97CBE27A-E9B1-4A81-A863-8ECCD2C685DE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020061014:*:*:*:*:*:*",
|
|
"matchCriteriaId": "95BA9710-B7FC-4B91-9D4D-B0D82492A55C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020072823:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F333AD05-C30C-44DD-A2C0-82A1728BCF86"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020100801:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5ECBD35A-339C-4294-B29E-13B9A1C4992A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020121711:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9A8548DD-E716-4BF9-BC03-59FBBD3FAE9E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021040717:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DA8760D9-91DF-4D6D-8430-15CEE268228A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021060401:*:*:*:*:*:*",
|
|
"matchCriteriaId": "82D1E10A-8F9C-43E3-BC0B-432966F370BE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_author:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "22.1",
|
|
"matchCriteriaId": "4403F888-2116-4667-8ECB-DF7567623EAF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020061102:*:*:*:*:*:*",
|
|
"matchCriteriaId": "71B59AC1-3EA9-4DC0-9AD6-B8C1DD7AB900"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020072902:*:*:*:*:*:*",
|
|
"matchCriteriaId": "22EC6803-5D64-43F2-B4E6-50BF33491CA4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020100710:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C01AED80-95D6-4810-A42C-EB5F72DCF84F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020121713:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9AEDBCC2-E995-477B-A428-B5C7D8746D3D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021030206:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D6D94006-A0EB-45F2-9DBF-DBE03E1461AE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021040908:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5B46CE8F-B9D0-43C0-BF12-34F7D4D72144"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021061407:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0F97FE59-3867-4026-B5A7-B2BB89456230"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "22.1",
|
|
"matchCriteriaId": "42D6F2C8-AF77-4654-ABE7-753A49ED3B43"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020061102:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FEFBA0BD-BF91-4CEB-B1B5-FCEB8E300B67"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020072902:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7BA77776-BF12-4C50-A1B2-B8DE9F61CE88"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020100710:*:*:*:*:*:*",
|
|
"matchCriteriaId": "408E9DDF-72DF-463F-A443-1D1255F8D693"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020121713:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8482A592-3284-4F71-9068-A27C17A822D0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021030206:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2E6BADF9-8836-4E7D-8D66-956E3F2BDA98"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021040908:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B96522D6-754B-45C1-915D-F0958776BBD2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021061407:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1498AD01-6985-441E-8664-81429DCF7A9E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "22.1",
|
|
"matchCriteriaId": "6D0C0DF7-CFAC-40DE-86A6-FD459A4DFED6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020061102:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CDEC0A68-BC08-4926-A89D-C43088FD6F38"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020072902:*:*:*:*:*:*",
|
|
"matchCriteriaId": "600D0891-E324-478A-826E-278668FB2C09"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020100710:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3D5AF010-FB02-42BE-A2D5-C1960E3E524B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020121713:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8A4C1F04-96E3-4309-B212-BAE29FBDF7BA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021030206:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D61BAC1A-B186-4F44-B6C8-0FBF24D8BB4A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021040908:*:*:*:*:*:*",
|
|
"matchCriteriaId": "73DE8AD4-A52E-4724-B786-891CF0A88B79"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021061407:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BF44E243-3FF4-4420-B686-57F808251627"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "22.1",
|
|
"matchCriteriaId": "9F760490-2552-42FC-A7B7-7C5E5830ADF2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020061014:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DB3CAD3C-C703-4A0F-9746-DE67AE011C24"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020072412:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7468BF72-0213-4071-B8D0-68D4E521208D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020100208:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B7C3B5D6-815A-4F33-B9BE-CE768B7D6A6B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020121713:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DEF7FDB0-F8AE-4231-8C52-5A8913C77182"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021030210:*:*:*:*:*:*",
|
|
"matchCriteriaId": "23E1A365-3BE5-48A8-9F39-35E6ED96170F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021040711:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C0348AA1-0F88-45C2-A44D-8485C737F43A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021060306:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FFF113FD-3340-435E-B48F-AA4EAF750C9F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |