CVE-2019-8924 - OpenCVE

XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apachefriends	Xampp

Configuration 1 [-]

cpe:2.3:a:apachefriends:xampp:*:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html	Exploit VDB Entry Third Party Advisory
http://seclists.org/fulldisclosure/2019/Feb/43	Mailing List Exploit Third Party Advisory
http://www.securityfocus.com/bid/107168	Third Party Advisory VDB Entry
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/	Release Notes Third Party Advisory
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/	Release Notes Third Party Advisory
https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/	Release Notes Third Party Advisory
https://www.exploit-db.com/exploits/46424/	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-05-17T01:06:58

Updated: 2019-05-17T01:06:57

Reserved: 2019-02-18T00:00:00

Link: CVE-2019-8924

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-05-17T02:29:00.273

Modified: 2019-05-17T14:31:36.787

Link: CVE-2019-8924

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-17T00:00:00", "descriptions": [{"lang": "en", "value": "XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-17T01:06:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html"}, {"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2019/Feb/43"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/107168"}, {"tags": ["x_refsource_MISC"], "url": "https://www.exploit-db.com/exploits/46424/"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8924", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html"}, {"name": "http://seclists.org/fulldisclosure/2019/Feb/43", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Feb/43"}, {"name": "http://www.securityfocus.com/bid/107168", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/107168"}, {"name": "https://www.exploit-db.com/exploits/46424/", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/46424/"}, {"name": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/", "refsource": "MISC", "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/"}, {"name": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/", "refsource": "MISC", "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/"}, {"name": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/", "refsource": "MISC", "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-8924", "datePublished": "2019-05-17T01:06:58", "dateReserved": "2019-02-18T00:00:00", "dateUpdated": "2019-05-17T01:06:57", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apachefriends:xampp:*:*:*:*:*:*:*:*", "matchCriteriaId": "0562E507-1210-4871-A0E9-A8BC66AB5409", "versionEndIncluding": "5.6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued."}, {"lang": "es", "value": "XAMPP a trav\u00e9s de la versi\u00f3n 5.6.8 permite una vulnerabilidad de XSS por medio del archivo cds-fpdf.php en el par\u00e1metro interpret o titel. NOTA: Este producto est\u00e1 suspendido."}], "id": "CVE-2019-8924", "lastModified": "2019-05-17T14:31:36.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-17T02:29:00.273", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "VDB Entry", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/151756/XAMPP-5.6.8-Cross-Site-Scripting-SQL-Injection.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Exploit", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Feb/43"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107168"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/1.8.2/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.5.19/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46424/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}