nvd-json-data-feeds/CVE-2021/CVE-2021-394xx/CVE-2021-39491.json

{
  "id": "CVE-2021-39491",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-03-24T15:15:07.793",
  "lastModified": "2022-03-29T15:38:12.770",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . ."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Yogesh Ojha reNgine versi\u00f3n v1.0, por medio del archivo de nombre del Motor de Exploraci\u00f3n en el cuadro modal de confirmaci\u00f3n de eliminaci\u00f3n del Motor de Exploraci\u00f3n"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.5
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:rengine_project:rengine:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "1.0.1",
              "matchCriteriaId": "05F154D5-57C4-4258-97B5-A8EBF902EE15"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/yogeshojha/rengine/issues/460",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ]
    }
  ]
}