Search criteria
3 vulnerabilities found for grails_fields by grails
FKIE_CVE-2018-1000529
Vulnerability from fkie_nvd - Published: 2018-06-26 16:29 - Updated: 2024-11-21 03:40
Severity ?
Summary
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/grails-fields-plugin/grails-fields/issues/278 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/martinfrancois/CVE-2018-1000529 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/grails-fields-plugin/grails-fields/issues/278 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/martinfrancois/CVE-2018-1000529 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| grails | grails_fields | 2.2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:grails:grails_fields:2.2.7:*:*:*:*:grails:*:*",
"matchCriteriaId": "DAE54D2A-C058-447A-85BE-A84EFE40130D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8."
},
{
"lang": "es",
"value": "El plugin Grails Fields 2.2.7 contiene una vulnerabilidad de Cross Site Scripting (XSS) por el uso de la etiqueta display que puede resultar en XSS. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 2.2.8."
}
],
"id": "CVE-2018-1000529",
"lastModified": "2024-11-21T03:40:07.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-26T16:29:01.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/grails-fields-plugin/grails-fields/issues/278"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/martinfrancois/CVE-2018-1000529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/grails-fields-plugin/grails-fields/issues/278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/martinfrancois/CVE-2018-1000529"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-1000529 (GCVE-0-2018-1000529)
Vulnerability from cvelistv5 – Published: 2018-06-26 16:00 – Updated: 2024-08-05 12:40
VLAI?
Summary
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails-fields-plugin/grails-fields/issues/278"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/martinfrancois/CVE-2018-1000529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-06-23T00:00:00",
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-05T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails-fields-plugin/grails-fields/issues/278"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/martinfrancois/CVE-2018-1000529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-23T11:22:33.039719",
"DATE_REQUESTED": "2018-05-24T16:06:51",
"ID": "CVE-2018-1000529",
"REQUESTER": "soeren@glasius.dk",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/grails-fields-plugin/grails-fields/issues/278",
"refsource": "MISC",
"url": "https://github.com/grails-fields-plugin/grails-fields/issues/278"
},
{
"name": "https://github.com/martinfrancois/CVE-2018-1000529",
"refsource": "MISC",
"url": "https://github.com/martinfrancois/CVE-2018-1000529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000529",
"datePublished": "2018-06-26T16:00:00",
"dateReserved": "2018-05-24T00:00:00",
"dateUpdated": "2024-08-05T12:40:47.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000529 (GCVE-0-2018-1000529)
Vulnerability from nvd – Published: 2018-06-26 16:00 – Updated: 2024-08-05 12:40
VLAI?
Summary
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grails-fields-plugin/grails-fields/issues/278"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/martinfrancois/CVE-2018-1000529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-06-23T00:00:00",
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-05T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grails-fields-plugin/grails-fields/issues/278"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/martinfrancois/CVE-2018-1000529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-23T11:22:33.039719",
"DATE_REQUESTED": "2018-05-24T16:06:51",
"ID": "CVE-2018-1000529",
"REQUESTER": "soeren@glasius.dk",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/grails-fields-plugin/grails-fields/issues/278",
"refsource": "MISC",
"url": "https://github.com/grails-fields-plugin/grails-fields/issues/278"
},
{
"name": "https://github.com/martinfrancois/CVE-2018-1000529",
"refsource": "MISC",
"url": "https://github.com/martinfrancois/CVE-2018-1000529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000529",
"datePublished": "2018-06-26T16:00:00",
"dateReserved": "2018-05-24T00:00:00",
"dateUpdated": "2024-08-05T12:40:47.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}