nvd-json-data-feeds/CVE-2019/CVE-2019-54xx/CVE-2019-5422.json

{
  "id": "CVE-2019-5422",
  "sourceIdentifier": "support@hackerone.com",
  "published": "2019-04-03T15:29:01.727",
  "lastModified": "2019-10-09T23:50:50.637",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server."
    },
    {
      "lang": "es",
      "value": "Cross-Site Scripting (XSS) en el paquete buttle denpm, en su versi\u00f3n 0.2.0, provoca una ejecuci\u00f3n de c\u00f3digo proporcionado por el atacante en el navegador de la v\u00edctima cuando un atacante crea un archivo arbitrario en el servidor."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    },
    {
      "source": "support@hackerone.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:buttle_project:buttle:0.2.0:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "FD5F0C51-24DF-44A3-9FFF-FB0BE15CD585"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://hackerone.com/reports/331110",
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}