nvd-json-data-feeds/CVE-2021/CVE-2021-425xx/CVE-2021-42564.json

{
  "id": "CVE-2021-42564",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-11-30T20:15:07.587",
  "lastModified": "2021-12-01T13:43:02.677",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv=\"refresh\"' substring in the editor parameter."
    },
    {
      "lang": "es",
      "value": "Una redirecci\u00f3n abierta mediante la inyecci\u00f3n de HTML en mensajes confidenciales en Cryptshare versiones anteriores a 5.1.0, permite a atacantes remotos (con permiso para proporcionar mensajes confidenciales por medio de Cryptshare) redirigir a las v\u00edctimas objetivo a cualquier URL por medio de la subcadena \"(meta http-equiv=\"refresh\"' en el par\u00e1metro del editor"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.9
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cryptshare:cryptshare_server:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "5.1.0",
              "matchCriteriaId": "7FF6677C-4244-4C33-A2CB-E2AF1E7424CC"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-057.txt",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}