CVE-2019-18653

{"id": "CVE-2019-18653", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-11-01T19:15:11.290", "references": [{"url": "http://firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://medium.com/%40YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name."}, {"lang": "es", "value": "Se presenta un problema de tipo Cross Site Scripting (XSS) en Avast AntiVirus (Free, Internet Security y Premiere Edition) versi\u00f3n 19.3.2369 build 19.3.4241.440, en la ventana emergente de notificaci\u00f3n de red, permitiendo a un atacante ejecutar c\u00f3digo JavaScript por medio de un nombre SSID."}], "lastModified": "2023-11-07T03:06:53.403", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avast:antivirus:19.3.2369:*:*:*:free:*:*:*", "vulnerable": true, "matchCriteriaId": "9E6447B0-4C67-4D33-AF82-6855C7A1DACD"}, {"criteria": "cpe:2.3:a:avast:antivirus:19.3.2369:*:*:*:internet_security:*:*:*", "vulnerable": true, "matchCriteriaId": "41A01B06-7057-40B0-B5E6-444ACE410865"}, {"criteria": "cpe:2.3:a:avast:antivirus:19.3.2369:*:*:*:premiere:*:*:*", "vulnerable": true, "matchCriteriaId": "96700855-57C7-4D25-869C-40014D0363C6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}