Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMicrosoftCVE-2018-8652
HistoryDec 12, 2018 - 12:29 a.m.

CVE-2018-8652

2018-12-1200:29:02
CWE-79
microsoft
web.nvd.nist.gov
53
windows azure pack
cross-site scripting
xss vulnerability
nvd
cve-2018-8652

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

23.6%

JSON

A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka “Windows Azure Pack Cross Site Scripting Vulnerability.” This affects Windows Azure Pack Rollup 13.1.

Affected configurations

Nvd
Vulners
Node
microsoftwindows_azure_pack_rollupMatch13.1
VendorProductVersionCPE
microsoftwindows_azure_pack_rollup13.1cpe:2.3:a:microsoft:windows_azure_pack_rollup:13.1:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Windows Azure Pack Rollup 13.1",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Windows Azure Pack Rollup 13.1"
      }
    ]
  }
]

Related

mskb 1
kaspersky 1
prion 1
symantec 1
mscve 1
cvelist 1
nvd 1
mskb
mskb
Script injection of certain symbols bypass portal UI restrictions in Update Rollup 13 for Windows Azure Pack
2018-12-11 08:00:00
kaspersky
kaspersky
KLA11883 ACE vulnerability in Microsoft Azure
2018-12-11 00:00:00
prion
prion
Cross site scripting
2018-12-12 00:29:00
symantec
symantec
Microsoft Windows Azure Pack CVE-2018-8652 Cross Site Scripting Vulnerability
2018-12-11 00:00:00
mscve
mscve
Windows Azure Pack Cross Site Scripting Vulnerability
2018-12-11 08:00:00
cvelist
cvelist
CVE-2018-8652
2018-12-12 00:00:00
nvd
nvd
CVE-2018-8652
2018-12-12 00:29:02

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

23.6%

JSON
Related for CVE-2018-8652
mskb1kaspersky1prion1symantec1mscve1cvelist1nvd1