CVE-2020-9299

{"id": "CVE-2020-9299", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-11-09T15:15:13.680", "references": [{"url": "https://github.com/Netflix/dispatch/releases/tag/v20201106", "tags": ["Third Party Advisory"], "source": "security-report@netflix.com"}, {"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2020-004.md", "tags": ["Third Party Advisory"], "source": "security-report@netflix.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user."}, {"lang": "es", "value": "Se detectaron y reportaron vulnerabilidades de tipo XSS en la aplicaci\u00f3n Dispatch, que afectaron los par\u00e1metros name y description de Incident Priority, Incident Type, Tag Type, e Incident Filter. Esta vulnerabilidad puede ser explotada por un usuario autenticado"}], "lastModified": "2020-11-17T20:19:50.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netflix:dispatch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD94C3D-CBB6-4542-8254-7D860E39AFD4", "versionEndExcluding": "20201106"}], "operator": "OR"}]}], "sourceIdentifier": "security-report@netflix.com"}