CVE-2019-7551

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.bishopfox.com/news/2019/03/cantemo-portal-version-3-8-4-cross-site-scripting/", "name": "https://www.bishopfox.com/news/2019/03/cantemo-portal-version-3-8-4-cross-site-scripting/", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.bishopfox.com/blog/news-category/advisories/", "name": "https://www.bishopfox.com/blog/news-category/advisories/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://doc.cantemo.com/latest/ReleaseNotes/intro.html#version-3-4-9", "name": "https://doc.cantemo.com/latest/ReleaseNotes/intro.html#version-3-4-9", "tags": ["Release Notes", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://blog-posts--cantemo.netlify.com/news/2019/03/cantemo-portal-xss-vulnerabilities/", "name": "https://blog-posts--cantemo.netlify.com/news/2019/03/cantemo-portal-xss-vulnerabilities/", "tags": ["Vendor Advisory", "Release Notes"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could enable account creation and deletion as well as deletion of information contained within the app."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-7551", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}}, "publishedDate": "2019-04-10T17:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cantemo:portal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.4.9", "versionStartIncluding": "3.4.0"}, {"cpe23Uri": "cpe:2.3:a:cantemo:portal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.3.8", "versionStartIncluding": "3.3.0"}, {"cpe23Uri": "cpe:2.3:a:cantemo:portal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.2.13"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-09-27T16:32Z"}