Lucene search

[email protected]CVE-2017-18352

HistoryDec 17, 2018 - 7:29 a.m.

CVE-2017-18352

2018-12-1707:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2017-18352

error reporting

rendertron 1.0.0

cross site scripting

xss

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.0%

JSON

Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.

Affected configurations

NVD

Node

googlerendertronMatch1.0.0

CPENameOperatorVersion
google:rendertrongoogle rendertroneq1.0.0

CPE	Name	Operator	Version
google:rendertron	google rendertron	eq	1.0.0

References

bugs.chromium.org/p/chromium/issues/detail?id=759111

github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e

github.com/GoogleChrome/rendertron/pull/88

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.0%

JSON

Related for CVE-2017-18352

nvd1 osv2 cvelist1 prion1 github1