CVE-2019-12954

{"id": "CVE-2019-12954", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-02-17T17:15:13.953", "references": [{"url": "https://www.esecforte.com/cve-2019-12954-solarwinds-network-performance-monitor-orion-platform-2018-npm-12-3-netpath-1-1-3-vulnerable-for-stored-xss/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.esecforte.com/cve-2019-12954-solarwinds-network-performance-monitor-orion-platform-2018-npm-12-3-netpath-1-1-3-vulnerable-for-stored-xss/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT."}, {"lang": "es", "value": "SolarWinds Network Performance Monitor (Orion Platform 2018, NPM versi\u00f3n 12.3, NetPath versi\u00f3n 1.1.3), permite un ataque de tipo XSS por parte de usuarios autenticados mediante un atributo onerror dise\u00f1ado de un elemento de VIDEO en una acci\u00f3n para una ALERTA."}], "lastModified": "2024-11-21T04:23:53.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:solarwinds:network_performance_monitor_orion_platform_2018_netpath:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C9688BF-80CB-451D-9D1D-0D50FB71C125"}, {"criteria": "cpe:2.3:a:solarwinds:network_performance_monitor_orion_platform_2018_npm:12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72890A00-50CA-44DC-A431-0F96CB1E7244"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}