CVE-2021-33347

{"id": "CVE-2021-33347", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-06-18T11:15:08.683", "references": [{"url": "https://github.com/JPressProjects/jpress/issues/152", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/JPressProjects/jpress/issues/152#issuecomment-850119847", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the storage XSS vulnerability can occur."}, {"lang": "es", "value": "Se ha detectado un problema en JPress versiones v3.3.0 y posteriores. Se presentan vulnerabilidades de tipo XSS en el m\u00f3dulo de plantillas y en el m\u00f3dulo de administrador de etiquetas. Si se inicia la sesi\u00f3n en el fondo mediante una contrase\u00f1a d\u00e9bil, puede ocurrir una vulnerabilidad de tipo XSS almacenado"}], "lastModified": "2021-06-21T21:55:52.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jpress:jpress:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9490D0F8-6697-4AD8-B622-08262F8DCE36", "versionEndIncluding": "3.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}