{"id": "CVE-2009-2292", "bulletinFamily": "NVD", "title": "CVE-2009-2292", "description": "Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "published": "2009-07-01T13:00:00", "modified": "2017-08-17T01:30:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2292", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/35171", "https://exchange.xforce.ibmcloud.com/vulnerabilities/50679", "http://www.securityfocus.com/bid/35070", "http://jvn.jp/en/jp/JVN42927215/index.html", "http://www.appleple.com/news/index.php?ID=170", "http://www.osvdb.org/54636", "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000030.html"], "cvelist": ["CVE-2009-2292"], "type": "cve", "lastseen": "2019-05-29T18:09:59", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "5a52a66207bf7ab2ba65f132787c5d57"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "b60c241261906f3fa9b8e32ff7da057f"}, {"key": "cpe23", "hash": "df97deb75bb0783f563dc3951a4716e2"}, {"key": "cvelist", "hash": "1523c49795bf05a5e744b325a51a18d5"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "d6b0d286ea22ddd1af385e5c5c56b647"}, {"key": "href", "hash": "df92f97bfcef3953aa81ce292867822c"}, {"key": "modified", "hash": "aa7087b4e0941d576941150df34902f5"}, {"key": "published", "hash": "0ec8f1a1b2e60150707ed251929d7158"}, {"key": "references", "hash": "c4b5da845fdf4eca43d5232bf1965769"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "c8dad5385b33f00acfa3796f21f1a3f2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f20682f06ce0de8377f765312333cbff0f3857a36787842a477bcc107dcde8dd", "viewCount": 0, "enchantments": {"score": {"value": 4.1, "vector": "NONE", "modified": "2019-05-29T18:09:59"}, "dependencies": {"references": [{"type": "jvn", "idList": ["JVN:42927215"]}], "modified": "2019-05-29T18:09:59"}, "vulnersScore": 4.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:appleple:a-news:2.32"], "affectedSoftware": [{"name": "appleple a-news", "operator": "eq", "version": "2.32"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:appleple:a-news:2.32:*:*:*:*:*:*:*"], "cwe": ["CWE-79"]}

{"jvn": [{"lastseen": "2019-05-29T17:21:25", "bulletinFamily": "info", "description": "\n ## Description\n\na-News, a web log system from Appleple, contains a cross-site scripting vulnerability. \n \nNote that future releases and maintenance of a-News ended on May 14, 2009. The developer recommends users who wish to continue using a web log system to use a-blog. \n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n ## Solution\n\n**Do not use a-News** \nAs patches will not be provided, the developer recommends to discontinue the use of a-News and switch to a-blog. \n\n ## Products Affected\n\n * a-News\n", "modified": "2009-05-22T00:00:00", "published": "2009-05-21T00:00:00", "id": "JVN:42927215", "href": "http://jvn.jp/en/jp/JVN42927215/index.html", "title": "JVN#42927215 a-News from Appleple vulnerable to cross-site scripting", "type": "jvn", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}