CVE-2019-17225 - OpenCVE

Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Intelliants	Subrion

Configuration 1 [-]

cpe:2.3:a:intelliants:subrion:4.2.1:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/154746/Subrion-4.2.1-Cross-Site-Scripting.html	Exploit Third Party Advisory
https://github.com/intelliants/subrion/issues/845	Exploit Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-06T16:46:48

Updated: 2019-10-07T16:06:06

Reserved: 2019-10-06T00:00:00

Link: CVE-2019-17225

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-10-06T17:15:11.827

Modified: 2019-10-08T14:10:58.403

Link: CVE-2019-17225

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intelliants:subrion:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9C1813C-DBF7-4ADF-8FC0-23608A417D29", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an \"Admin Member JSON Update\" issue."}, {"lang": "es", "value": "Subrion versi\u00f3n 4.2.1, permite un ataque de tipo XSS por medio del campo Username, Full Name, o Email de panel/members/, tambi\u00e9n se conoce como un problema de \"Admin Member JSON Update\"."}], "id": "CVE-2019-17225", "lastModified": "2019-10-08T14:10:58.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-06T17:15:11.827", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/154746/Subrion-4.2.1-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/intelliants/subrion/issues/845"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}