Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-636F4686E84D8131EE446B5FAEB33397

HistoryJul 19, 2019 - 12:00 a.m.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

2019-07-1900:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

37.3%

JSON

Premium Software CLEdit The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a link (A) element.

Affected configurations

Vulners

Node

nugetcleditorRange≤1.4.5

VendorProductVersionCPE
nugetcleditor*cpe:2.3:a:nuget:cleditor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nuget	cleditor	*	cpe:2.3:a:nuget:cleditor::::::::

References

drive.google.com/drive/folders/1UxgdL8SJO6KKnG3bh0-LTl7C6i41VwoW?usp=sharing

nvd.nist.gov/vuln/detail/CVE-2019-1010113

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

37.3%

JSON

Related for GITLAB-636F4686E84D8131EE446B5FAEB33397