Lucene search

GitHub Advisory DatabaseGHSA-HH56-X62G-GVHC

HistoryJul 26, 2019 - 4:10 p.m.

Cross-site scripting in CLEditor

2019-07-2616:10:06

CWE-79

GitHub Advisory Database

github.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

37.3%

JSON

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting (XSS). The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element.

Affected configurations

Vulners

Node

premiumsoftwarecleditorRange≤1.4.5

VendorProductVersionCPE
premiumsoftwarecleditor*cpe:2.3:a:premiumsoftware:cleditor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
premiumsoftware	cleditor	*	cpe:2.3:a:premiumsoftware:cleditor::::::::

References

drive.google.com/drive/folders/1UxgdL8SJO6KKnG3bh0-LTl7C6i41VwoW?usp=sharing

github.com/advisories/GHSA-hh56-x62g-gvhc

nvd.nist.gov/vuln/detail/CVE-2019-1010113

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

37.3%

JSON

Related for GHSA-HH56-X62G-GVHC