CVE-2022-25620

{"id": "CVE-2022-25620", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@profelis.com.tr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2022-03-30T15:15:08.377", "references": [{"url": "https://www.sambabox.io/sambabox-surum-4-0/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@profelis.com.tr"}, {"url": "https://www.sambabox.io/sambabox-surum-4-0/", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve@profelis.com.tr", "description": [{"lang": "en", "value": "CWE-80"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitrary codes on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86."}, {"lang": "es", "value": "Una vulnerabilidad de Neutralizaci\u00f3n inapropiada de las etiquetas HTML relacionadas con los scripts en una p\u00e1gina web (XSS b\u00e1sico) en la funcionalidad Group de Profelis IT Consultancy SambaBox permite al usuario AUTENTICADO causar la ejecuci\u00f3n de c\u00f3digos arbitrarios en el servidor vulnerable. Este problema afecta a: Profelis IT Consultancy SambaBox versi\u00f3n 4.0 versiones 4.0 y anteriores en x86"}], "lastModified": "2024-11-21T06:52:27.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:profelis:sambabox:*:*:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "72B249F6-F5DA-4809-AF06-D5071D3A04D3", "versionEndIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@profelis.com.tr"}