Lucene search

[email protected]CVE-2017-1000491

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2017-1000491

2022-10-0316:23:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2017-1000491

shiba

markdown

live preview

xss

code execution

node integration

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

27.1%

JSON

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.

Affected configurations

NVD

Node

shiba_projectshibaMatch1.1.0

CPENameOperatorVersion
shiba_project:shibashiba project shibaeq1.1.0

CPE	Name	Operator	Version
shiba_project:shiba	shiba project shiba	eq	1.1.0

References

github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab

github.com/rhysd/Shiba/issues/42

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

27.1%

JSON

Related for CVE-2017-1000491

prion1 osv2 veracode1 cvelist1 github1 nvd1