CVE-2019-19865

{"id": "CVE-2019-19865", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-02-21T16:15:11.560", "references": [{"url": "https://networks.unify.com/security/advisories/OBSO-2002-01.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://unify.com/en/support/security-advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload."}, {"lang": "es", "value": "Atos Unify OpenScape UC Application V9 anterior a la versi\u00f3n V9 R4.31.0 y V10 anterior a la versi\u00f3n V10 R0.6.0 permite XSS. Un atacante podr\u00eda explotar esto convenciendo a un usuario autenticado para que inyecte c\u00f3digo JavaScript arbitrario en el campo Nombre del perfil. Un navegador ejecutar\u00eda esta carga XSS almacenada."}], "lastModified": "2020-02-28T20:15:11.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:atos:unify_openscape_uc_web_client:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BEC0723-1E36-486D-AE41-E6B80409140C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}