{"containers": {"cna": {"affected": [{"product": "Jboss Aerogear", "vendor": "n/a", "versions": [{"status": "affected", "version": "Jboss Aerogear 1.0.0.final"}]}], "descriptions": [{"lang": "en", "value": "Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-01T13:17:25", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144212"}, {"tags": ["x_refsource_MISC"], "url": "https://issues.redhat.com/browse/AEROGEAR-5978"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:18.238Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144212"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.redhat.com/browse/AEROGEAR-5978"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3650", "datePublished": "2022-07-01T13:17:25", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:18.238Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_aerogear:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8241631C-9E1A-4612-82F5-92BDFFB73167", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input."}, {"lang": "es", "value": "Se encontraron m\u00faltiples fallos persistentes de tipo cross-site scripting (XSS) en la forma en que Aerogear manejaba determinado contenido suministrado por el usuario. Un atacante remoto podr\u00eda usar estos fallos para comprometer la aplicaci\u00f3n con entradas especialmente dise\u00f1adas"}], "id": "CVE-2014-3650", "lastModified": "2022-07-11T19:41:52.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-01T14:15:08.160", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144212"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://issues.redhat.com/browse/AEROGEAR-5978"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Jan Rusnacko and Trevor Jay (Red Hat Product Security).", "bugzilla": {"description": "AeroGear: stored XSS via deviceToken", "id": "1144212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144212"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.", "Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input."], "name": "CVE-2014-3650", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "mobile", "product_name": "Red Hat JBoss Enterprise Web Server 1"}], "public_date": "2014-10-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3650\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3650"], "statement": "Not Vulnerable. Aerogear is not provided by any Red Hat product.", "threat_severity": "Moderate"}