CVE-2019-1010008 - Vulnerability Details - OpenCVE

OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "My Account" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openenergymonitor	Emoncms

Configuration 1 [-]

cpe:2.3:a:openenergymonitor:emoncms:9.8.8:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/emoncms/emoncms/issues/763

History

No history.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-15T01:54:52

Updated: 2024-08-05T03:07:18.143Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010008

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-15T02:15:10.433

Modified: 2024-11-21T04:17:54.940

Link: CVE-2019-1010008

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Emoncms", "vendor": "OpenEnergyMonitor Project", "versions": [{"status": "affected", "version": "9.8.8"}]}], "descriptions": [{"lang": "en", "value": "OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in \"Name\", \"Location\", \"Bio\" and \"Starting Page\" fields in the \"My Account\" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible."}], "problemTypes": [{"descriptions": [{"description": "Cross Site Scripting (XSS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-15T01:54:52", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/emoncms/emoncms/issues/763"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2019-1010008", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Emoncms", "version": {"version_data": [{"version_value": "9.8.8"}]}}]}, "vendor_name": "OpenEnergyMonitor Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in \"Name\", \"Location\", \"Bio\" and \"Starting Page\" fields in the \"My Account\" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross Site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/emoncms/emoncms/issues/763", "refsource": "MISC", "url": "https://github.com/emoncms/emoncms/issues/763"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.143Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/emoncms/emoncms/issues/763"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010008", "datePublished": "2019-07-15T01:54:52", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.143Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openenergymonitor:emoncms:9.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "875613E0-4DC7-4485-AB1E-8DAF9313303E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in \"Name\", \"Location\", \"Bio\" and \"Starting Page\" fields in the \"My Account\" page. File: Lib/listjs/list.js, line 67. The attack vector is: unknown, victim must open profile page if persistent was possible."}, {"lang": "es", "value": "Project Emoncms versi\u00f3n 9.8.8 de OpenEnergyMonitor, est\u00e1 afectado por: Cross Site Scripting (XSS). El impacto es: te\u00f3ricamente bajo, pero potencialmente podr\u00eda habilitar un problema de tipo XSS persistente (el usuario podr\u00eda insertar c\u00f3digo mal.). El componente es: ejecuci\u00f3n de c\u00f3digo Javascript en los campos \"Name\", \"Location\", \"Bio\" y \"Starting Page\" en la p\u00e1gina \"My Account\". Archivo: Lib/listjs/list.js, l\u00ednea 67. El vector de ataque es: desconocido, la v\u00edctima debe abrir la p\u00e1gina del perfil si fue posible la persistencia."}], "id": "CVE-2019-1010008", "lastModified": "2024-11-21T04:17:54.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2019-07-15T02:15:10.433", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/emoncms/emoncms/issues/763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/emoncms/emoncms/issues/763"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}