CVE-2018-11430 - OpenCVE

An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Moderator Log Notes Project	Moderator Log Notes

Configuration 1 [-]

cpe:2.3:a:moderator_log_notes_project:moderator_log_notes:1.1:*:*:*:*:mybb:*:*

References

Link	Resource
https://www.exploit-db.com/exploits/44754/	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-28T16:00:00

Updated: 2018-05-28T15:57:01

Reserved: 2018-05-24T00:00:00

Link: CVE-2018-11430

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-05-28T16:29:00.263

Modified: 2018-06-28T13:22:34.150

Link: CVE-2018-11430

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moderator_log_notes_project:moderator_log_notes:1.1:*:*:*:*:mybb:*:*", "matchCriteriaId": "B3FB2BA7-E914-4ED7-9B33-69935B0379AD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por inyecci\u00f3n SQL en Trend Micro Smart Protection Server (Standalone) 3.x podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en instalaciones vulnerables debido a un error en la gesti\u00f3n de par\u00e1metros proporcionados a wcs\\_bwlists\\_handler.php. Se requiere autenticaci\u00f3n para explotar esta vulnerabilidad."}], "id": "CVE-2018-11430", "lastModified": "2018-06-28T13:22:34.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-28T16:29:00.263", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44754/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}