Lucene search

MitreCVE-2018-14527

HistoryJul 23, 2018 - 8:29 a.m.

CVE-2018-14527

2018-07-2308:29:00

CWE-79

mitre

web.nvd.nist.gov

xss

vulnerability

xiao5ucompany 1.7

feedback.asp

nvd

cve-2018-14527

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).

Affected configurations

Nvd

Node

xiao5ucompany_projectxiao5ucompanyMatch1.7

VendorProductVersionCPE
xiao5ucompany_projectxiao5ucompany1.7cpe:2.3:a:xiao5ucompany_project:xiao5ucompany:1.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xiao5ucompany_project	xiao5ucompany	1.7	cpe:2.3:a:xiao5ucompany_project:xiao5ucompany:1.7:::::::*

References

github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON

Related for CVE-2018-14527