admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-228xx/CVE-2021-22871.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

156 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-22871",
"sourceIdentifier": "support@hackerone.com",
"published": "2021-01-26T18:16:19.020",
"lastModified": "2021-02-01T18:23:47.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability."
},
{
"lang": "es",
"value": "Revive Adserver versiones anteriores a 5.1.0, permite a cualquier usuario con una cuenta de administrador almacenar contenido posiblemente malicioso en la propiedad del sitio web URL, que luego es mostrada sin saneamiento en la pantalla de generaci\u00f3n de etiquetas affiliate-preview.php, conllevando a una vulnerabilidad de tipo cross-site scripting (XSS ) persistente"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.5
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.0",
"matchCriteriaId": "FA528298-DAAD-4C82-A08C-9F916F5A86BF"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html",
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2021/Jan/60",
"source": "support@hackerone.com",
"tags": [
"Broken Link",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://github.com/revive-adserver/revive-adserver/commit/62a2a0439",
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/revive-adserver/revive-adserver/commit/89b88ce26",
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://hackerone.com/reports/819362",
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.revive-adserver.com/security/revive-sa-2021-001/",
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink