CVE-2018-11532 - OpenCVE

An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Changuondyu Advanced Statistics Project	Changuondyu Advanced Statistics

Configuration 1 [-]

cpe:2.3:a:changuondyu_advanced_statistics_project:changuondyu_advanced_statistics:1.0.2:*:*:*:*:mybb:*:*

References

Link	Resource
https://github.com/vintagedaddyo/MyBB_Plugin-ChangUonDyU-Advanced-Statistics/commit/8122c93f4c3b517b9d35338fe77ba91d9a6ac08a	Patch
https://www.exploit-db.com/exploits/44795/	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-29T07:00:00

Updated: 2018-05-31T09:57:01

Reserved: 2018-05-29T00:00:00

Link: CVE-2018-11532

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-05-29T07:29:00.477

Modified: 2018-06-29T13:28:24.153

Link: CVE-2018-11532

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-05-29T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-31T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/vintagedaddyo/MyBB_Plugin-ChangUonDyU-Advanced-Statistics/commit/8122c93f4c3b517b9d35338fe77ba91d9a6ac08a"}, {"name": "44795", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44795/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11532", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/vintagedaddyo/MyBB_Plugin-ChangUonDyU-Advanced-Statistics/commit/8122c93f4c3b517b9d35338fe77ba91d9a6ac08a", "refsource": "MISC", "url": "https://github.com/vintagedaddyo/MyBB_Plugin-ChangUonDyU-Advanced-Statistics/commit/8122c93f4c3b517b9d35338fe77ba91d9a6ac08a"}, {"name": "44795", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44795/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11532", "datePublished": "2018-05-29T07:00:00", "dateReserved": "2018-05-29T00:00:00", "dateUpdated": "2018-05-31T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:changuondyu_advanced_statistics_project:changuondyu_advanced_statistics:1.0.2:*:*:*:*:mybb:*:*", "matchCriteriaId": "2921595E-D6BA-4D04-8114-9AB92378B998", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field."}, {"lang": "es", "value": "Se ha descubierto un problema en el plugin ChangUonDyU Advanced Statistics 1.0.2 para MyBB. changstats.php tiene Cross-Site Scripting (XSS), tal y como queda demostrado con un campo subject."}], "id": "CVE-2018-11532", "lastModified": "2018-06-29T13:28:24.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-29T07:29:00.477", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/vintagedaddyo/MyBB_Plugin-ChangUonDyU-Advanced-Statistics/commit/8122c93f4c3b517b9d35338fe77ba91d9a6ac08a"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44795/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}