VDB-216959 · CVE-2018-25053 · GCVE-100-216959

moappi Json2html Dok 1.1.x json2html.js Skriptovanje preko sajta

Identifikovana je ranjivost klasifikovana kao Problematiиno u moappi Json2html Dok 1.1.x. Obuhvaćeno je nepoznata funkcija u fajlu json2html.js. Promena uzrokuje Skriptovanje preko sajta. Korišćenjem CWE za opis problema dolazi se do CWE-79. Objava slabosti je izvršena 12/28/2022 kao 2d3d24d971b19a8ed1fb823596300b9835d55801. Izveštaj je dostupan za preuzimanje na github.com. Ova ranjivost je poznata pod oznakom CVE-2018-25053. Napad je moguće izvršiti sa udaljene lokacije. Napad zahteva pristup lokalnoj mreži. Tehnički podaci su dostupni. Нема доступног експлоита. U ovom trenutku, trenutna cena za eksploataciju može iznositi oko USD $0-$5k. Prema MITRE ATT&CK projektu, tehnika napada je T1059.007. Definisano je kao nije definisano. Kao 0-day, očekivana cena na crnom tržištu bila je oko $0-$5k. Prelaskom na verziju 1.2.0 ovaj problem može biti rešen. Ažuriranje je spremno za preuzimanje na github.com. Zakrpa se zove 2d3d24d971b19a8ed1fb823596300b9835d55801. Popravka je dostupna za preuzimanje na github.com. Preporučuje se da se nadogradi relevantna komponenta. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 Promene · 66 Tačke podataka

Polje	Kreirali 12/28/2022 12:26	Ažurira 1/2 01/25/2023 16:00	Ažurira 2/2 01/25/2023 16:05
software_vendor	moappi	moappi	moappi
software_name	Json2html	Json2html	Json2html
software_version	<=1.1.x	<=1.1.x	<=1.1.x
software_file	json2html.js	json2html.js	json2html.js
vulnerability_cwe	CWE-79 (Skriptovanje preko sajta)	CWE-79 (Skriptovanje preko sajta)	CWE-79 (Skriptovanje preko sajta)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	2d3d24d971b19a8ed1fb823596300b9835d55801	2d3d24d971b19a8ed1fb823596300b9835d55801	2d3d24d971b19a8ed1fb823596300b9835d55801
advisory_url	https://github.com/moappi/json2html/commit/2d3d24d971b19a8ed1fb823596300b9835d55801	https://github.com/moappi/json2html/commit/2d3d24d971b19a8ed1fb823596300b9835d55801	https://github.com/moappi/json2html/commit/2d3d24d971b19a8ed1fb823596300b9835d55801
countermeasure_name	Nadogradnju	Nadogradnju	Nadogradnju
upgrade_version	1.2.0	1.2.0	1.2.0
countermeasure_upgrade_url	https://github.com/moappi/json2html/releases/tag/1.2.0	https://github.com/moappi/json2html/releases/tag/1.2.0	https://github.com/moappi/json2html/releases/tag/1.2.0
patch_name	2d3d24d971b19a8ed1fb823596300b9835d55801	2d3d24d971b19a8ed1fb823596300b9835d55801	2d3d24d971b19a8ed1fb823596300b9835d55801
countermeasure_patch_url	https://github.com/moappi/json2html/commit/2d3d24d971b19a8ed1fb823596300b9835d55801	https://github.com/moappi/json2html/commit/2d3d24d971b19a8ed1fb823596300b9835d55801	https://github.com/moappi/json2html/commit/2d3d24d971b19a8ed1fb823596300b9835d55801
source_cve	CVE-2018-25053	CVE-2018-25053	CVE-2018-25053
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1672182000 (12/28/2022)	1672182000 (12/28/2022)	1672182000 (12/28/2022)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.4	4.4	4.4
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.1	4.1	4.1
cvss3_meta_basescore	4.3	4.3	4.9
cvss3_meta_tempscore	4.1	4.1	4.8
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1672182000 (12/28/2022)	1672182000 (12/28/2022)
cve_nvd_summary		A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 2d3d24d971b19a8ed1fb823596300b9835d55801. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216959.	A vulnerability was found in moappi Json2html up to 1.1.x and classified as problematic. This issue affects some unknown processing of the file json2html.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 2d3d24d971b19a8ed1fb823596300b9835d55801. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216959.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss3_nvd_basescore			6.1
cvss3_cna_basescore			4.3

◂ Prethodne Pregled Sledeжi ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!