{"containers": {"cna": {"affected": [{"product": "UmbracoCMS", "vendor": "CyberSecurity Philippines - CERT", "versions": [{"status": "affected", "version": "7.12.3"}]}], "datePublic": "2018-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content."}], "problemTypes": [{"descriptions": [{"description": "Persistent cross-site scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-27T19:57:01", "orgId": "8207d157-a9c5-4c55-ab16-b67a7ac0b646", "shortName": "cspcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cspcert.ph/advisories/2018/CVE-2018-17256.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@cspcert.ph", "DATE_PUBLIC": "2018-11-17T00:00:00", "ID": "CVE-2018-17256", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "UmbracoCMS", "version": {"version_data": [{"version_value": "7.12.3"}]}}]}, "vendor_name": "CyberSecurity Philippines - CERT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Persistent cross-site scripting"}]}]}, "references": {"reference_data": [{"name": "https://www.cspcert.ph/advisories/2018/CVE-2018-17256.html", "refsource": "MISC", "url": "https://www.cspcert.ph/advisories/2018/CVE-2018-17256.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:47:04.026Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cspcert.ph/advisories/2018/CVE-2018-17256.html"}]}]}, "cveMetadata": {"assignerOrgId": "8207d157-a9c5-4c55-ab16-b67a7ac0b646", "assignerShortName": "cspcert", "cveId": "CVE-2018-17256", "datePublished": "2018-11-27T21:00:00Z", "dateReserved": "2018-09-20T00:00:00", "dateUpdated": "2024-09-17T04:08:55.751Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:umbraco:umbraco_cms:7.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "6ACB8626-6DD7-4CDE-8789-7E6E3BE6BC20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content."}, {"lang": "es", "value": "Vulnerabilidad Cross-Site Scripting (XSS) persistente en Umbraco CMS 7.12.3 permite que usuarios autenticados inyecten scripts web arbitrarios mediante el nombre de cabecera de un contenido (Blog, Content Page, etc.). La vulnerabilidad se explota al actualizar o eliminar el acceso p\u00fablico a un contenido."}], "id": "CVE-2018-17256", "lastModified": "2024-11-21T03:54:09.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-27T19:29:00.197", "references": [{"source": "vulnerability@cspcert.ph", "tags": ["Third Party Advisory"], "url": "https://www.cspcert.ph/advisories/2018/CVE-2018-17256.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.cspcert.ph/advisories/2018/CVE-2018-17256.html"}], "sourceIdentifier": "vulnerability@cspcert.ph", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}