{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T15:47:56.446","vulnerabilities":[{"cve":{"id":"CVE-2018-4065","sourceIdentifier":"talos-cna@cisco.com","published":"2019-05-06T19:29:00.700","lastModified":"2024-11-21T04:06:40.717","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad de Corss-Site Scripting explotable en la funcionalidad ACEManager ping_result.cgi de Sierra Wireless AirLink ES450 FW 4.9.3. Una petición HTTP especialmente creado puede causar la ejecución de código javascript reflejado, resultando en la ejecución de código javascript en el navegador del víctima. Un atacante puede conseguir que una víctima haga clic en un enlace, o URL embebida, que redirija a la vulnerabilidad Corss-Site Scripting reflejada para disparar esta vulnerabilidad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sierrawireless:airlink_es450_firmware:4.9.3:*:*:*:*:*:*:*","matchCriteriaId":"1B67419F-92AF-48DF-873D-F9E0190BFFD0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sierrawireless:airlink_es450:-:*:*:*:*:*:*:*","matchCriteriaId":"3E042BE5-9B2E-42B9-B455-FDB35251B0A6"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html","source":"talos-cna@cisco.com"},{"url":"http://www.securityfocus.com/bid/108147","source":"talos-cna@cisco.com"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03","source":"talos-cna@cisco.com"},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/152650/Sierra-Wireless-AirLink-ES450-ACEManager-ping_result.cgi-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/108147","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-19-122-03","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2018-0750","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}