Lucene search

[email protected]NVD:CVE-2019-13392

HistoryOct 16, 2019 - 12:15 a.m.

CVE-2019-13392

2019-10-1600:15:10

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

47.7%

JSON

A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim’s browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.

Affected configurations

Nvd

Node

mindpalettenatemailMatch3.0.15

VendorProductVersionCPE
mindpalettenatemail3.0.15cpe:2.3:a:mindpalette:natemail:3.0.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mindpalette	natemail	3.0.15	cpe:2.3:a:mindpalette:natemail:3.0.15:::::::*

References

mindpalette.com/tag/natemail/

twitter.com/mindpalette

www.doyler.net/security-not-included/natemail-vulnerabilities

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

47.7%

JSON

Related for NVD:CVE-2019-13392

prion1 nuclei1 cvelist1 cve1