CVE-2018-25097 LOW

CVE-2018-25097: Acumos Design Studio cross site scripting

Vendor Acumos

Product Design Studio

Weakness CWE-79 · XSS

Published January 2, 2024

Last update September 6, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249420.

Key dates

02Disclosure timeline

January 2, 2024 CVE published

September 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-25097 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2018-25097

CWE CWE-79

CVSS 3.5 / LOW

Affected versions

Vendor Acumos

Product Design Studio

Affected 2.0.0

Vendor Acumos

Product Design Studio

Affected 2.0.1

Vendor Acumos

Product Design Studio

Affected 2.0.2

Vendor Acumos

Product Design Studio

Affected 2.0.3

Vendor Acumos

Product Design Studio

Affected 2.0.4

Vendor Acumos

Product Design Studio

Affected 2.0.5

Vendor Acumos

Product Design Studio

Affected 2.0.6

Vendor Acumos

Product Design Studio

Affected 2.0.7

CVE-2018-25097: Acumos Design Studio cross site scripting

01Description

02Disclosure timeline

03References

04Related CVE