History: Aug 20, 2018 - 7:31 p.m.

CVE-2018-1000642

2018-08-20 19:31:37
CWE-79
mitre
web.nvd.nist.gov
20
cve-2018-1000642
flightairmap
xss vulnerability
unauthorized access
session theft
nvd

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 30.3%

FlightAirMap versions <= v1.0-beta.21 contain a cross-site scripting (XSS) vulnerability in a GET variable used within the registration sub-menu page that can result in unauthorised actions, access to data, and theft of session information. This vulnerability appears to have been fixed after commit 22b09a3.

Affected configurations

Nvd
Node (entries joined by OR):
flightairmap flightairmap Match 0.1 beta1
flightairmap flightairmap Match 0.2 beta1
flightairmap flightairmap Match 0.5 beta1
flightairmap flightairmap Match 0.6 beta1
flightairmap flightairmap Match 1.0 beta1
flightairmap flightairmap Match 1.0 beta10
flightairmap flightairmap Match 1.0 beta11
flightairmap flightairmap Match 1.0 beta12
flightairmap flightairmap Match 1.0 beta13
flightairmap flightairmap Match 1.0 beta14
flightairmap flightairmap Match 1.0 beta15
flightairmap flightairmap Match 1.0 beta16
flightairmap flightairmap Match 1.0 beta17
flightairmap flightairmap Match 1.0 beta18
flightairmap flightairmap Match 1.0 beta19
flightairmap flightairmap Match 1.0 beta2
flightairmap flightairmap Match 1.0 beta20
flightairmap flightairmap Match 1.0 beta21
flightairmap flightairmap Match 1.0 beta3
flightairmap flightairmap Match 1.0 beta4
flightairmap flightairmap Match 1.0 beta5
flightairmap flightairmap Match 1.0 beta6
flightairmap flightairmap Match 1.0 beta7
flightairmap flightairmap Match 1.0 beta8
flightairmap flightairmap Match 1.0 beta9

Vendor | Product | Version | CPE
flightairmap | flightairmap | 0.1 | cpe:2.3:a:flightairmap:flightairmap:0.1:beta1:*:*:*:*:*:*
flightairmap | flightairmap | 0.2 | cpe:2.3:a:flightairmap:flightairmap:0.2:beta1:*:*:*:*:*:*
flightairmap | flightairmap | 0.5 | cpe:2.3:a:flightairmap:flightairmap:0.5:beta1:*:*:*:*:*:*
flightairmap | flightairmap | 0.6 | cpe:2.3:a:flightairmap:flightairmap:0.6:beta1:*:*:*:*:*:*
flightairmap | flightairmap | 1.0 | cpe:2.3:a:flightairmap:flightairmap:1.0:beta1:*:*:*:*:*:*
flightairmap | flightairmap | 1.0 | cpe:2.3:a:flightairmap:flightairmap:1.0:beta10:*:*:*:*:*:*
flightairmap | flightairmap | 1.0 | cpe:2.3:a:flightairmap:flightairmap:1.0:beta11:*:*:*:*:*:*
flightairmap | flightairmap | 1.0 | cpe:2.3:a:flightairmap:flightairmap:1.0:beta12:*:*:*:*:*:*
flightairmap | flightairmap | 1.0 | cpe:2.3:a:flightairmap:flightairmap:1.0:beta13:*:*:*:*:*:*
flightairmap | flightairmap | 1.0 | cpe:2.3:a:flightairmap:flightairmap:1.0:beta14:*:*:*:*:*:*