CVE-2018-1000642

EPSS 0.24%
Veröffentlicht 20.08.2018 19:31:37
Zuletzt bearbeitet 21.11.2024 03:40:18
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Flightairmap ≫ Flightairmap Version0.1 Updatebeta1

Flightairmap ≫ Flightairmap Version0.2 Updatebeta1

Flightairmap ≫ Flightairmap Version0.5 Updatebeta1

Flightairmap ≫ Flightairmap Version0.6 Updatebeta1

Flightairmap ≫ Flightairmap Version1.0 Updatebeta1

Flightairmap ≫ Flightairmap Version1.0 Updatebeta10

Flightairmap ≫ Flightairmap Version1.0 Updatebeta11

Flightairmap ≫ Flightairmap Version1.0 Updatebeta12

Flightairmap ≫ Flightairmap Version1.0 Updatebeta13

Flightairmap ≫ Flightairmap Version1.0 Updatebeta14

Flightairmap ≫ Flightairmap Version1.0 Updatebeta15

Flightairmap ≫ Flightairmap Version1.0 Updatebeta16

Flightairmap ≫ Flightairmap Version1.0 Updatebeta17

Flightairmap ≫ Flightairmap Version1.0 Updatebeta18

Flightairmap ≫ Flightairmap Version1.0 Updatebeta19

Flightairmap ≫ Flightairmap Version1.0 Updatebeta2

Flightairmap ≫ Flightairmap Version1.0 Updatebeta20

Flightairmap ≫ Flightairmap Version1.0 Updatebeta21

Flightairmap ≫ Flightairmap Version1.0 Updatebeta3

Flightairmap ≫ Flightairmap Version1.0 Updatebeta4

Flightairmap ≫ Flightairmap Version1.0 Updatebeta5

Flightairmap ≫ Flightairmap Version1.0 Updatebeta6

Flightairmap ≫ Flightairmap Version1.0 Updatebeta7

Flightairmap ≫ Flightairmap Version1.0 Updatebeta8

Flightairmap ≫ Flightairmap Version1.0 Updatebeta9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.445

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://0dd.zone/2018/08/05/FlightAirMap-Reflected-XSS/

Third Party Advisory

https://github.com/Ysurac/FlightAirMap/issues/410

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-1000642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1000642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1000642

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-1000642