admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-71xx/CVE-2019-7185.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

177 lines
5.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-7185",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2019-12-05T17:15:12.887",
"lastModified": "2023-01-30T18:29:46.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This cross-site scripting (XSS) vulnerability in Music Station allows remote attackers to inject and execute scripts on the administrator\u2019s management console. To fix this vulnerability, QNAP recommend updating Music Station to their latest versions."
},
{
"lang": "es",
"value": "Esta vulnerabilidad de secuencias de comandos entre sitios (XSS) en Music Station permite a los atacantes remotos inyectar y ejecutar secuencias de comandos en la consola de administraci\u00f3n del administrador. Para corregir esta vulnerabilidad, QNAP recomienda actualizar Music Station a sus \u00faltimas versiones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.5
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.5",
"matchCriteriaId": "25941E8B-2FB7-415E-AC30-8EC90EF99C06"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:qnap:qts:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47B6D38A-D7C9-4D55-921C-488D56C43F25"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.2.7",
"matchCriteriaId": "A83BC796-C1F9-4800-A95C-FCF8148F9926"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3.6",
"versionEndIncluding": "4.4.0",
"matchCriteriaId": "73252C6E-C579-41A9-8646-08B85BC32447"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.11",
"matchCriteriaId": "13FE8FEA-014D-4284-8A88-2DCE5206B07A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3.0",
"versionEndIncluding": "4.3.4",
"matchCriteriaId": "283F1071-33FF-43A4-845C-5A141DEA80AF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201911-27",
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink