{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-08-19T00:00:00", "descriptions": [{"lang": "en", "value": "FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:21:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Ysurac/FlightAirMap/issues/410"}, {"tags": ["x_refsource_MISC"], "url": "https://0dd.zone/2018/08/05/FlightAirMap-Reflected-XSS/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-08-19T17:09:33.113772", "DATE_REQUESTED": "2018-08-08T13:01:43", "ID": "CVE-2018-1000642", "REQUESTER": "sajeeb@0dd.zone", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Ysurac/FlightAirMap/issues/410", "refsource": "CONFIRM", "url": "https://github.com/Ysurac/FlightAirMap/issues/410"}, {"name": "https://0dd.zone/2018/08/05/FlightAirMap-Reflected-XSS/", "refsource": "MISC", "url": "https://0dd.zone/2018/08/05/FlightAirMap-Reflected-XSS/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000642", "datePublished": "2022-10-03T16:21:59", "dateReserved": "2018-08-08T00:00:00", "dateUpdated": "2022-10-03T16:21:59", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flightairmap:flightairmap:0.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "FB6007F3-E745-42EC-B283-BE3C3AA9E2D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:0.2:beta1:*:*:*:*:*:*", "matchCriteriaId": "C308E338-FE82-4044-A269-EF14885083E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:0.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "D42EAC5E-C3E0-422B-8C0B-54A5FF9839D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:0.6:beta1:*:*:*:*:*:*", "matchCriteriaId": "FF6AE053-5341-442B-99D9-FF009EE7B107", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "079915C1-C5C0-40F5-B634-F685FEFDBBB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "1D486A54-A2FD-4A88-91FE-0071A0433A4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "9C0325AE-E6EE-42C8-8E8D-284F32B9DE20", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "A67F6F4E-AF94-4447-AC60-53D9909FD68E", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "343C0BB3-92C0-4CFB-834F-409D3B274EBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "7D0241E8-0B10-4F06-9713-B76F3A5C40A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "0A09496E-85EB-4B67-B334-089CEC2E7646", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta16:*:*:*:*:*:*", "matchCriteriaId": "7E330E1E-6C8B-4848-B0B5-A4BCED5E9C3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta17:*:*:*:*:*:*", "matchCriteriaId": "6EAB5786-60C9-4F70-B37D-989939283E56", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta18:*:*:*:*:*:*", "matchCriteriaId": "34A900C1-039D-4202-869C-145FD4CE7E7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta19:*:*:*:*:*:*", "matchCriteriaId": "D99AB17F-DF9F-44F4-BEFF-CD06DBB6BBC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "C9EE05C5-25D0-47BB-8DC0-1F2566B9BB1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta20:*:*:*:*:*:*", "matchCriteriaId": "AFFBF007-782A-4191-A0B3-09FC1D696CF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta21:*:*:*:*:*:*", "matchCriteriaId": "4C840237-3B9E-48CB-B30D-515DAA8D1DD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "E0E90C57-4A93-4F64-8A7E-C81234BDDC83", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "70F464E7-F170-4DA4-A4E5-B2797A5CB717", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "F562B7E7-4CB2-4D00-BAF9-3E05D0B6EF34", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "B4DE3F8E-90C0-48EA-9180-B38C742F776E", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "FAD8B924-8E7C-47AB-8C7E-145184A36BA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "892A72F6-3789-4741-A0A2-AD9FB871C4CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:flightairmap:flightairmap:1.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "F66EA5D8-FF0C-4C2B-BDF3-9E3D4E23A396", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3."}, {"lang": "es", "value": "FlightAirMap en versiones v1.0-beta.21 y anteriores contiene una vulnerabilidad Cross-Site Scripting (XSS) en la variable GET utilizada en el submen\u00fa de la p\u00e1gina de registro, lo que puede provocar acciones no autorizadas y el acceso a datos, robando informaci\u00f3n de sesi\u00f3n. La vulnerabilidad parece haber sido solucionada tras el commit con ID 22b09a3."}], "id": "CVE-2018-1000642", "lastModified": "2018-10-19T17:26:53.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-20T19:31:37.777", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://0dd.zone/2018/08/05/FlightAirMap-Reflected-XSS/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/Ysurac/FlightAirMap/issues/410"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}