nvd-json-data-feeds/CVE-2024/CVE-2024-114xx/CVE-2024-11479.json

{
  "id": "CVE-2024-11479",
  "sourceIdentifier": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
  "published": "2024-12-04T01:15:04.650",
  "lastModified": "2024-12-04T01:15:04.650",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the \nemails sent to all users on that ticket."
    },
    {
      "lang": "es",
      "value": " Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n HTML en la versi\u00f3n 17.1 de Issuetrak que podr\u00eda ser activada por un usuario autenticado. Se podr\u00eda agregar marcado HTML a los comentarios de los tickets, que al enviarse se mostrar\u00e1n en los correos electr\u00f3nicos enviados a todos los usuarios de ese ticket."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "LOW",
          "userInteraction": "PASSIVE",
          "vulnerableSystemConfidentiality": "NONE",
          "vulnerableSystemIntegrity": "LOW",
          "vulnerableSystemAvailability": "NONE",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "NONE",
          "subsequentSystemAvailability": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        },
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes",
      "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce"
    }
  ]
}