CVE-2019-8290

{"id": "CVE-2019-8290", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-10-01T20:15:11.527", "references": [{"url": "http://www.openwall.com/lists/oss-security/2019/10/02/1", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "larry0@me.com"}, {"url": "http://www.vapidlabs.com/advisory.php?v=210", "tags": ["Permissions Required", "Third Party Advisory"], "source": "larry0@me.com"}, {"url": "https://www.abcprintf.com/view_download.php?id=17", "tags": ["Product"], "source": "larry0@me.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected."}, {"lang": "es", "value": "Una vulnerabilidad en Online Store versi\u00f3n v1.0, los requerimientos del formulario de registro para el formato de correo electr\u00f3nico de un miembro pueden ser omitidos mediante la publicaci\u00f3n directamente en el archivo sent_register.php permitiendo que sean incluidos caracteres especiales y sea inyectada una carga \u00fatil XSS."}], "lastModified": "2019-10-04T19:19:33.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:online_store_system_project:online_store_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C38EA240-9349-402E-BF93-8ACF3AFF4D8D"}], "operator": "OR"}]}], "sourceIdentifier": "larry0@me.com"}