CVE-2017-1001001 - Vulnerability Details

Vendors	Products
Pluxml	Pluxml

Link	Providers
https://github.com/pluxml/PluXml/issues/253

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "PluXml", "vendor": "PluXml", "versions": [{"status": "affected", "version": "before 5.6"}]}], "descriptions": [{"lang": "en", "value": "PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges."}], "problemTypes": [{"descriptions": [{"description": "XSS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-01T17:00:00Z", "orgId": "46fe6300-5254-4a98-9594-a9567bec8179", "shortName": "joshbressers"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pluxml/PluXml/issues/253"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "josh@bress.net", "ID": "CVE-2017-1001001", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PluXml", "version": {"version_data": [{"version_value": "before 5.6"}]}}]}, "vendor_name": "PluXml"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XSS"}]}]}, "references": {"reference_data": [{"name": "https://github.com/pluxml/PluXml/issues/253", "refsource": "CONFIRM", "url": "https://github.com/pluxml/PluXml/issues/253"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:00:41.650Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pluxml/PluXml/issues/253"}]}]}, "cveMetadata": {"assignerOrgId": "46fe6300-5254-4a98-9594-a9567bec8179", "assignerShortName": "joshbressers", "cveId": "CVE-2017-1001001", "datePublished": "2017-11-01T17:00:00Z", "dateReserved": "2017-11-01T00:00:00Z", "dateUpdated": "2024-09-16T23:11:37.230Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : PluXml (string)

vendor : PluXml (string)

versions : [ »

0 : { »

status : affected (string)

version : before 5.6 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : XSS (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-11-01T17:00:00Z (string)

orgId : 46fe6300-5254-4a98-9594-a9567bec8179 (string)

shortName : joshbressers (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/pluxml/PluXml/issues/253 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : josh@bress.net (string)

ID : CVE-2017-1001001 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : PluXml (string)

version : { »

version_data : [ »

0 : { »

version_value : before 5.6 (string)

}

]

}

]

}

vendor_name : PluXml (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : XSS (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/pluxml/PluXml/issues/253 (string)

refsource : CONFIRM (string)

url : https://github.com/pluxml/PluXml/issues/253 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T22:00:41.650Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/pluxml/PluXml/issues/253 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 46fe6300-5254-4a98-9594-a9567bec8179 (string)

assignerShortName : joshbressers (string)

cveId : CVE-2017-1001001 (string)

datePublished : 2017-11-01T17:00:00Z (string)

dateReserved : 2017-11-01T00:00:00Z (string)

dateUpdated : 2024-09-16T23:11:37.230Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pluxml:pluxml:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "BBB586C0-F857-4A69-B8B0-A28B07176046", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges."}, {"lang": "es", "value": "PluXml versi\u00f3n 5.6 es vulnerable a Cross-Site Scripting (XSS) persistente en la p\u00e1gina de creaci\u00f3n de art\u00edculos, lo que puede dar como resultado un escalado de privilegios."}], "id": "CVE-2017-1001001", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-01T17:29:00.227", "references": [{"source": "46fe6300-5254-4a98-9594-a9567bec8179", "url": "https://github.com/pluxml/PluXml/issues/253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/pluxml/PluXml/issues/253"}], "sourceIdentifier": "46fe6300-5254-4a98-9594-a9567bec8179", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:pluxml:pluxml:5.6:*:*:*:*:*:*:* (string)

matchCriteriaId : BBB586C0-F857-4A69-B8B0-A28B07176046 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges. (string)

}

1 : { »

lang : es (string)

value : PluXml versión 5.6 es vulnerable a Cross-Site Scripting (XSS) persistente en la página de creación de artículos, lo que puede dar como resultado un escalado de privilegios. (string)

}

]

id : CVE-2017-1001001 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-11-01T17:29:00.227 (string)

references : [ »

0 : { »

source : 46fe6300-5254-4a98-9594-a9567bec8179 (string)

url : https://github.com/pluxml/PluXml/issues/253 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://github.com/pluxml/PluXml/issues/253 (string)

}

]

sourceIdentifier : 46fe6300-5254-4a98-9594-a9567bec8179 (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object