Lucene search

[email protected]CVE-2018-12095

HistoryJun 11, 2018 - 11:29 a.m.

CVE-2018-12095

2018-06-1111:29:00

CWE-79

[email protected]

web.nvd.nist.gov

security

vulnerability

xss

web application

oecms v3.1

info.php

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.5%

JSON

A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.

Affected configurations

NVD

Node

oecms_projectoecmsMatch3.1

CPENameOperatorVersion
oecms_project:oecmsoecms project oecmseq3.1

CPE	Name	Operator	Version
oecms_project:oecms	oecms project oecms	eq	3.1

References

cxsecurity.com/issue/WLB-2018060092

www.exploit-db.com/exploits/44895/

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.5%

JSON

Related for CVE-2018-12095

nuclei1 packetstorm1 exploitpack1 prion1 cvelist1 nvd1 zdt1 exploitdb1