CVE-2018-15897 - OpenCVE

PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Website Seller Script Project	Website Seller Script

Configuration 1 [-]

cpe:2.3:a:website_seller_script_project:website_seller_script:2.0.5:*:*:*:*:*:*:*

References

Link	Resource
https://gkaim.com/cve-2018-15897-vikas-chaudhary/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-28T21:00:00

Updated: 2018-08-28T20:57:01

Reserved: 2018-08-26T00:00:00

Link: CVE-2018-15897

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-08-28T21:29:00.800

Modified: 2018-11-08T13:00:51.417

Link: CVE-2018-15897

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:website_seller_script_project:website_seller_script:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "18476552-28B1-4E17-8177-C7B07C52D03E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn."}, {"lang": "es", "value": "PHP Scripts Mall Website Seller Script 2.0.5 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) mediante c\u00f3digo JavaScript manipulado en los campos \"First Name\", \"Last Name\", \"Company Name\" o \"Fax\", tal y como queda demostrado con crossPwn."}], "id": "CVE-2018-15897", "lastModified": "2018-11-08T13:00:51.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-28T21:29:00.800", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gkaim.com/cve-2018-15897-vikas-chaudhary/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}