CVE-2019-19678

{"id": "CVE-2019-19678", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2019-12-09T16:15:10.530", "references": [{"url": "https://jira.xpand-it.com/browse/XRAY-4692", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In \"Xray Test Management for Jira\" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test issue."}, {"lang": "es", "value": "En \"Xray Test Management for Jira\" anterior a la versi\u00f3n 3.5.5, los atacantes autenticados remotos pueden causar XSS en el punto de entrada de campo generic por medio del campo Generic Test Definition de un nuevo problema de Generic Test."}], "lastModified": "2019-12-11T02:22:42.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xpand-it:xray_test_mangaement:*:*:*:*:*:jira:*:*", "vulnerable": true, "matchCriteriaId": "C076BC80-13D8-4978-AEC8-7A7D66A37E10", "versionEndExcluding": "3.5.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}