cvelistv5 - cve-2018-11688

CVE-2018-11688 (GCVE-0-2018-11688)

Vulnerability from cvelistv5 – Published: 2018-06-13 16:00 – Updated: 2024-08-05 08:17

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://seclists.org/fulldisclosure/2018/Jun/13	mailing-listx_refsource_FULLDISC
	https://vulmon.com/vulnerabilitydetails?qid=CVE-2…	x_refsource_MISC
	http://packetstormsecurity.com/files/148057/Ignit…	x_refsource_MISC
	http://www.securityfocus.com/archive/1/542060/100…	mailing-listx_refsource_BUGTRAQ
	http://seclists.org/fulldisclosure/2018/Jun/24	mailing-listx_refsource_FULLDISC
	https://github.com/igniterealtime/Openfire/compar…	x_refsource_CONFIRM
	https://github.com/igniterealtime/Openfire/commit…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:17:08.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Jun/13"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html"
          },
          {
            "name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
          },
          {
            "name": "20180608 Re: Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Jun/24"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-19T23:34:21",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Jun/13"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html"
        },
        {
          "name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
        },
        {
          "name": "20180608 Re: Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Jun/24"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-11688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2018/Jun/13"
            },
            {
              "name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688",
              "refsource": "MISC",
              "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688"
            },
            {
              "name": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html"
            },
            {
              "name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
            },
            {
              "name": "20180608 Re: Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2018/Jun/24"
            },
            {
              "name": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2",
              "refsource": "CONFIRM",
              "url": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2"
            },
            {
              "name": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a",
              "refsource": "CONFIRM",
              "url": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-11688",
    "datePublished": "2018-06-13T16:00:00",
    "dateReserved": "2018-06-03T00:00:00",
    "dateUpdated": "2024-08-05T08:17:08.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:igniterealtime:openfire:3.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4046511-3960-4C29-A011-D4D83A20DA3B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.\"}, {\"lang\": \"es\", \"value\": \"Ignite Realtime Openfire 3.7.1 es vulnerable a las secuencias de comandos entre sitios (XSS) es una causa de una validaci\\u00f3n incorrecta de las entradas proporcionadas por el usuario. Un atacante remoto podr\\u00eda explotar esta utilidad mediante una URL manipulada para ejecutar scripts en el navegador web de una v\\u00edctima en el contexto de la seguridad del sitio Web de hospedaje, una vez que haya hecho clic en la URL. Un atacante podr\\u00eda tener esta utilidad para las credenciales de autenticaci\\u00f3n basadas en cookies de la v\\u00edctima.\"}]",
      "id": "CVE-2018-11688",
      "lastModified": "2024-11-21T03:43:49.573",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-06-13T16:29:01.437",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Jun/13\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Jun/24\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/542060/100/0/threaded\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Jun/13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2018/Jun/24\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/542060/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-11688\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-06-13T16:29:01.437\",\"lastModified\":\"2024-11-21T03:43:49.573\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.\"},{\"lang\":\"es\",\"value\":\"Ignite Realtime Openfire 3.7.1 es vulnerable a las secuencias de comandos entre sitios (XSS) es una causa de una validaci\u00f3n incorrecta de las entradas proporcionadas por el usuario. Un atacante remoto podr\u00eda explotar esta utilidad mediante una URL manipulada para ejecutar scripts en el navegador web de una v\u00edctima en el contexto de la seguridad del sitio Web de hospedaje, una vez que haya hecho clic en la URL. Un atacante podr\u00eda tener esta utilidad para las credenciales de autenticaci\u00f3n basadas en cookies de la v\u00edctima.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:igniterealtime:openfire:3.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4046511-3960-4C29-A011-D4D83A20DA3B\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Jun/13\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Jun/24\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/542060/100/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Jun/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Jun/24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/542060/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2018-14347

Vulnerability from cnvd - Published: 2018-08-01

Title

Ignite Realtime Openfire跨站脚本漏洞（CNVD-2018-14347）

Description

Ignite Realtime Openfire（前称Wildfire）是IgniteRealtime社区的一款采用Java开发且基于XMPP（前称Jabber，即时通讯协议）的跨平台开源实时协作（RTC）服务器，它能够构建高效率的即时通信服务器，并支持上万并发用户数量。 Ignite Realtime Openfire 3.7.1版本中存在跨站脚本漏洞，该漏洞源于程序未能正确的验证用户提交的输入。远程攻击者借助特制的URL利用该漏洞在用户的Web浏览器中执行脚本，窃取基于cookie的用户身份验证凭证。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.igniterealtime.org/projects/openfire/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-11688

Impacted products

Name
Igniterealtime Openfire 3.7.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11688"
    }
  },
  "description": "Ignite Realtime Openfire\uff08\u524d\u79f0Wildfire\uff09\u662fIgniteRealtime\u793e\u533a\u7684\u4e00\u6b3e\u91c7\u7528Java\u5f00\u53d1\u4e14\u57fa\u4e8eXMPP\uff08\u524d\u79f0Jabber\uff0c\u5373\u65f6\u901a\u8baf\u534f\u8bae\uff09\u7684\u8de8\u5e73\u53f0\u5f00\u6e90\u5b9e\u65f6\u534f\u4f5c\uff08RTC\uff09\u670d\u52a1\u5668\uff0c\u5b83\u80fd\u591f\u6784\u5efa\u9ad8\u6548\u7387\u7684\u5373\u65f6\u901a\u4fe1\u670d\u52a1\u5668\uff0c\u5e76\u652f\u6301\u4e0a\u4e07\u5e76\u53d1\u7528\u6237\u6570\u91cf\u3002\r\n\r\nIgnite Realtime Openfire 3.7.1\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u9a8c\u8bc1\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u501f\u52a9\u7279\u5236\u7684URL\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7528\u6237\u7684Web\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u811a\u672c\uff0c\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u7528\u6237\u8eab\u4efd\u9a8c\u8bc1\u51ed\u8bc1\u3002",
  "discovererName": "Yavuz Atlas",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.igniterealtime.org/projects/openfire/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-14347",
  "openTime": "2018-08-01",
  "products": {
    "product": "Igniterealtime Openfire 3.7.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-11688",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-14",
  "title": "Ignite Realtime Openfire\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2018-14347\uff09"
}

VAR-201806-0919

Vulnerability from variot - Updated: 2023-12-18 13:43

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IgniteRealtimeOpenfire (formerly Wildfire) is a cross-platform open source real-time collaboration (RTC) server based on XMPP (formerly known as Jabber, instant messaging protocol) developed by Java in the Ignite Realtime community. It can build an efficient instant messaging server and support it. The number of tens of thousands of concurrent users

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0919",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openfire",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "igniterealtime",
        "version": "3.7.1"
      },
      {
        "model": "openfire",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ignite realtime",
        "version": "3.7.1"
      },
      {
        "model": "igniterealtime",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "igniterealtime",
        "version": "3.7.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006608"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11688"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-845"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11688"
      }
    ]
  },
  "cve": "CVE-2018-11688",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-11688",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-14347",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-11688",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-11688",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-14347",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-845",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006608"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11688"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-845"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials. IgniteRealtimeOpenfire (formerly Wildfire) is a cross-platform open source real-time collaboration (RTC) server based on XMPP (formerly known as Jabber, instant messaging protocol) developed by Java in the Ignite Realtime community. It can build an efficient instant messaging server and support it. The number of tens of thousands of concurrent users",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11688"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006608"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-14347"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11688",
        "trust": 3.0
      },
      {
        "db": "PACKETSTORM",
        "id": "148057",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006608",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-14347",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-845",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006608"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11688"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-845"
      }
    ]
  },
  "id": "VAR-201806-0919",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14347"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14347"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:43:41.371000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Openfire",
        "trust": 0.8,
        "url": "http://www.igniterealtime.org/projects/openfire/index.jsp"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006608"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006608"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11688"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/148057/ignite-realtime-openfire-3.7.1-cross-site-scripting.html"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2018/jun/13"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2018/jun/24"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/igniterealtime/openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/igniterealtime/openfire/compare/v3.9.1...v3.9.2"
      },
      {
        "trust": 1.6,
        "url": "https://vulmon.com/vulnerabilitydetails?qid=cve-2018-11688"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11688"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11688"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006608"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11688"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-845"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-14347"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006608"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11688"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-845"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-14347"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006608"
      },
      {
        "date": "2018-06-13T16:29:01.437000",
        "db": "NVD",
        "id": "CVE-2018-11688"
      },
      {
        "date": "2018-06-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-845"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-08-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-14347"
      },
      {
        "date": "2018-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006608"
      },
      {
        "date": "2019-06-20T00:15:10.013000",
        "db": "NVD",
        "id": "CVE-2018-11688"
      },
      {
        "date": "2019-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-845"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-845"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ignite Realtime Openfire Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006608"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-845"
      }
    ],
    "trust": 0.6
  }
}

GHSA-JPHJ-5G3M-W7X6

Vulnerability from github – Published: 2022-05-14 00:57 – Updated: 2022-11-22 19:22

Summary

Ignite Realtime Openfire vulnerable to cross-site scripting

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.igniterealtime.openfire:parent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.9.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-11688"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-22T19:22:31Z",
    "nvd_published_at": "2018-06-13T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.",
  "id": "GHSA-jphj-5g3m-w7x6",
  "modified": "2022-11-22T19:22:31Z",
  "published": "2022-05-14T00:57:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11688"
    },
    {
      "type": "WEB",
      "url": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/igniterealtime/Openfire"
    },
    {
      "type": "WEB",
      "url": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2"
    },
    {
      "type": "WEB",
      "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Jun/13"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Jun/24"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ignite Realtime Openfire vulnerable to cross-site scripting"
}

FKIE_CVE-2018-11688

Vulnerability from fkie_nvd - Published: 2018-06-13 16:29 - Updated: 2024-11-21 03:43

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2018/Jun/13	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2018/Jun/24
cve@mitre.org	http://www.securityfocus.com/archive/1/542060/100/0/threaded	Third Party Advisory, VDB Entry
cve@mitre.org	https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a
cve@mitre.org	https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2
cve@mitre.org	https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2018/Jun/13	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2018/Jun/24
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/542060/100/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a
af854a3a-2127-422b-91ae-364da2661108	https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2
af854a3a-2127-422b-91ae-364da2661108	https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	igniterealtime	openfire	3.7.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:igniterealtime:openfire:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4046511-3960-4C29-A011-D4D83A20DA3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials."
    },
    {
      "lang": "es",
      "value": "Ignite Realtime Openfire 3.7.1 es vulnerable a las secuencias de comandos entre sitios (XSS) es una causa de una validaci\u00f3n incorrecta de las entradas proporcionadas por el usuario. Un atacante remoto podr\u00eda explotar esta utilidad mediante una URL manipulada para ejecutar scripts en el navegador web de una v\u00edctima en el contexto de la seguridad del sitio Web de hospedaje, una vez que haya hecho clic en la URL. Un atacante podr\u00eda tener esta utilidad para las credenciales de autenticaci\u00f3n basadas en cookies de la v\u00edctima."
    }
  ],
  "id": "CVE-2018-11688",
  "lastModified": "2024-11-21T03:43:49.573",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-13T16:29:01.437",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Jun/13"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2018/Jun/24"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Jun/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2018/Jun/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-11688

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-11688

Aliases

CVE-2018-11688

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-11688",
    "description": "Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.",
    "id": "GSD-2018-11688",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-11688"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-11688"
      ],
      "details": "Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.",
      "id": "GSD-2018-11688",
      "modified": "2023-12-13T01:22:41.966703Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-11688",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2018/Jun/13"
          },
          {
            "name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688",
            "refsource": "MISC",
            "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688"
          },
          {
            "name": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html"
          },
          {
            "name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
          },
          {
            "name": "20180608 Re: Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2018/Jun/24"
          },
          {
            "name": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2",
            "refsource": "CONFIRM",
            "url": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2"
          },
          {
            "name": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a",
            "refsource": "CONFIRM",
            "url": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[3.7.1]",
          "affected_versions": "Version 3.7.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2019-06-20",
          "description": "Ignite Realtime Openfire is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Website, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.",
          "fixed_versions": [
            "4.3.0"
          ],
          "identifier": "CVE-2018-11688",
          "identifiers": [
            "CVE-2018-11688"
          ],
          "not_impacted": "All versions before 3.7.1, all versions after 3.7.1",
          "package_slug": "maven/org.igniterealtime.openfire/distribution",
          "pubdate": "2018-06-13",
          "solution": "Upgrade to version 4.3.0 or above.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-11688",
            "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
          ],
          "uuid": "1d5fa045-1e05-4d3e-82d2-50c1f3fea901"
        },
        {
          "affected_range": "(,3.9.2)",
          "affected_versions": "All versions before 3.9.2",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2022-11-22",
          "description": "Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.",
          "fixed_versions": [
            "3.9.2"
          ],
          "identifier": "CVE-2018-11688",
          "identifiers": [
            "GHSA-jphj-5g3m-w7x6",
            "CVE-2018-11688"
          ],
          "not_impacted": "All versions starting from 3.9.2",
          "package_slug": "maven/org.igniterealtime.openfire/parent",
          "pubdate": "2022-05-14",
          "solution": "Upgrade to version 3.9.2 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-11688",
            "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a",
            "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2",
            "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688",
            "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html",
            "http://seclists.org/fulldisclosure/2018/Jun/13",
            "http://seclists.org/fulldisclosure/2018/Jun/24",
            "http://www.securityfocus.com/archive/1/542060/100/0/threaded",
            "https://github.com/advisories/GHSA-jphj-5g3m-w7x6"
          ],
          "uuid": "e0c4c971-7b6f-43b5-b52a-d70ec623da2b"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-11688"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim\u0027s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jun/13"
            },
            {
              "name": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html"
            },
            {
              "name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688"
            },
            {
              "name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
              "refsource": "BUGTRAQ",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
            },
            {
              "name": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/igniterealtime/Openfire/compare/v3.9.1...v3.9.2"
            },
            {
              "name": "20180608 Re: Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2018/Jun/24"
            },
            {
              "name": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/igniterealtime/Openfire/commit/ed3492a24274fd454afe93a499db49f3d6335108#diff-3f607cf668ad8f1091e789a2c1dca32a"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-06-20T00:15Z",
      "publishedDate": "2018-06-13T16:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-11688 (GCVE-0-2018-11688)

CNVD-2018-14347

VAR-201806-0919

GHSA-JPHJ-5G3M-W7X6

FKIE_CVE-2018-11688

GSD-2018-11688

Tags

Sightings

Nomenclature