CVE-2019-14286

{"id": "CVE-2019-14286", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-07-27T18:15:12.120", "references": [{"url": "https://github.com/MISP/MISP/commit/26bedd8a68c32a2f14460a8eac2a9fb09923392b", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability."}, {"lang": "es", "value": "En el archivo app/webroot/js/event-graph.js en MISP versi\u00f3n 2.4.111, se presenta una vulnerabilidad de tipo XSS almacenado en la visualizaci\u00f3n de gr\u00e1ficos de eventos cuando un usuario alterna la visualizaci\u00f3n de gr\u00e1ficos de eventos. Se necesita dise\u00f1ar un evento MISP malicioso para desencadenar la vulnerabilidad."}], "lastModified": "2019-07-31T16:16:52.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:misp:misp:2.4.111:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CB63EB0-A4AE-4FE4-BF70-4426C3DC3BCF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}