NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2019-25095

Summary	A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 6f98076281e9452fdb1adcd1bcbb70a6f968ade9. It is recommended to upgrade the affected component. VDB-217434 is the identifier assigned to this vulnerability.
Publication Date	Jan. 5, 2023, 5:15 p.m.
Registration Date	Jan. 6, 2023, 10 a.m.
Last Update	Nov. 21, 2024, 1:39 p.m.

CVSS3.1 : MEDIUM
スコア	6.1
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	要
影響の想定範囲(S)	変更あり
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:ldapcherry_project:ldapcherry::::::::					1.0.0

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/kakwa/ldapcherry/commit/6f98076281e9452fdb1adcd1bcbb70a6f968ade9		Patch
2	https://github.com/kakwa/ldapcherry/commit/6f98076281e9452fdb1adcd1bcbb70a6f968ade9		Patch
3	https://github.com/kakwa/ldapcherry/pull/16		Issue Tracking Patch
4	https://github.com/kakwa/ldapcherry/pull/16		Issue Tracking Patch
5	https://github.com/kakwa/ldapcherry/releases/tag/1.0.0		Release Notes Third Party Advisory
6	https://github.com/kakwa/ldapcherry/releases/tag/1.0.0		Release Notes Third Party Advisory
7	https://vuldb.com/?ctiid.217434		Third Party Advisory
8	https://vuldb.com/?ctiid.217434		Third Party Advisory
9	https://vuldb.com/?id.217434		Third Party Advisory
10	https://vuldb.com/?id.217434		Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html