nvd-json-data-feeds/CVE-2018/CVE-2018-122xx/CVE-2018-12234.json

{
  "id": "CVE-2018-12234",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-09-06T23:29:00.240",
  "lastModified": "2019-11-12T18:15:10.283",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el software Adrenalin 5.4.0 HRMS. Las entradas proporcionadas por el usuario que contienen JavaScript se repiten en el c\u00f3digo JavaScript de una respuesta HTML mediante el par\u00e1metro strAction en flexiportal/GeneralInfo.aspx."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:myadrenalin:adrenalin:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "73C1F908-8419-4E72-A022-70E013344D63"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://packetstormsecurity.com/files/155231/Adrenalin-Core-HCM-5.4.0-Cross-Site-Scripting.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://www.knowcybersec.com/2018/09/first-cve-2018-12234-reflected-XSS.html",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.thecysec.in/2020/04/xxs-adrenalin-generalinfo-cve-id.html",
      "source": "cve@mitre.org"
    }
  ]
}