Lucene search

MitreCVE-2018-11090

HistoryMay 14, 2018 - 11:29 p.m.

CVE-2018-11090

2018-05-1423:29:00

CWE-79

mitre

web.nvd.nist.gov

xss

mybiz myprocurenet

proxypage.aspx

security vulnerability

nvd

cve-2018-11090

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within “ProxyPage.aspx” allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.

Affected configurations

Nvd

Node

mybizmyprocurenetMatch5.0.0

VendorProductVersionCPE
mybizmyprocurenet5.0.0cpe:2.3:a:mybiz:myprocurenet:5.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mybiz	myprocurenet	5.0.0	cpe:2.3:a:mybiz:myprocurenet:5.0.0:::::::*

References

seclists.org/fulldisclosure/2018/May/32

www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-site-scripting-in-mybiz-myprocurenet/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

Related for CVE-2018-11090