{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T01:24:02.592","vulnerabilities":[{"cve":{"id":"CVE-2017-10975","sourceIdentifier":"cve@mitre.org","published":"2017-07-06T14:29:00.183","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename."},{"lang":"es","value":"Una vulnerabilidad de tipo cross-site scripting (XSS) en Lutim anterior a versión 0.8, podría permitir a atacantes remotos inyectar un script web o HTML arbitrario por medio de un nombre de archivo creado de manera inapropiada en una notificación de carga y en el componente myfiles, si el atacante puede convencer a la víctima para proceder con una carga a pesar de la aparición de una carga útil XSS en el nombre del archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lutim_project:lutim:*:*:*:*:*:*:*:*","versionEndIncluding":"0.7.1","matchCriteriaId":"5C564716-0F30-4D11-BAD3-58C6CC5C1D84"}]}]}],"references":[{"url":"https://framagit.org/luc/lutim/issues/40","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://framagit.org/luc/lutim/issues/40","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}