{"api_version":"1","generated_at":"2026-07-07T03:16:02+00:00","cve":"CVE-2018-11090","urls":{"html":"https://cve.report/CVE-2018-11090","api":"https://cve.report/api/cve/CVE-2018-11090.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-11090","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-11090"},"summary":{"title":"CVE-2018-11090","description":"An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within \"ProxyPage.aspx\" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-05-14 23:29:00","updated_at":"2018-06-18 14:02:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2018/May/32","name":"http://seclists.org/fulldisclosure/2018/May/32","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-site-scripting-in-mybiz-myprocurenet/","name":"https://www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-site-scripting-in-mybiz-myprocurenet/","refsource":"MISC","tags":["Third Party Advisory"],"title":"Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet – SEC Consult","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-11090","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11090","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"11090","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mybiz","cpe5":"myprocurenet","cpe6":"5.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"11090","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mybiz","cpe5":"myprocurenet","cpe6":"5.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-11090","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within \"ProxyPage.aspx\" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-site-scripting-in-mybiz-myprocurenet/","refsource":"MISC","url":"https://www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-site-scripting-in-mybiz-myprocurenet/"},{"name":"http://seclists.org/fulldisclosure/2018/May/32","refsource":"MISC","url":"http://seclists.org/fulldisclosure/2018/May/32"}]}},"nvd":{"publishedDate":"2018-05-14 23:29:00","lastModifiedDate":"2018-06-18 14:02:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mybiz:myprocurenet:5.0.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"11090","Ordinal":"127549","Title":"CVE-2018-11090","CVE":"CVE-2018-11090","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"11090","Ordinal":"1","NoteData":"An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within \"ProxyPage.aspx\" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"11090","Ordinal":"2","NoteData":"2018-05-14","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"11090","Ordinal":"3","NoteData":"2018-05-14","Type":"Other","Title":"Modified"}]}}}