Lucene search

MitreCVE-2019-9142

HistoryFeb 25, 2019 - 3:29 p.m.

CVE-2019-9142

2019-02-2515:29:00

CWE-79

mitre

web.nvd.nist.gov

cve-2019-9142

b3log symphony

sym

xss

remote code execution

userintro

usernickname

settingsprocessor.java

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.5%

JSON

An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.

Affected configurations

Nvd

Node

b3logsymphonyRange<3.4.7

VendorProductVersionCPE
b3logsymphony*cpe:2.3:a:b3log:symphony:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
b3log	symphony	*	cpe:2.3:a:b3log:symphony::::::::

References

github.com/b3log/symphony/issues/860

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.5%

JSON

Related for CVE-2019-9142