CVE-2019-12880 Information

Description

BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Reference

http://packetstormsecurity.com/files/153405/Quarking-Password-Manager-3.1.84-Clickjacking.html http://seclists.org/fulldisclosure/2019/Jun/31 https://chrome.google.com/webstore/detail/quarking-password-manager/gfkmpfajamepgekgohcdnjogmeamcdmm?hl=en

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3