{"id":"CVE-2018-25097","details":"A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249420.","modified":"2026-04-11T14:54:41.270658Z","published":"2024-01-02T16:15:11.100Z","references":[{"type":"ADVISORY","url":"https://github.com/acumos/design-studio/releases/tag/2.0.8"},{"type":"ADVISORY","url":"https://vuldb.com/?id.249420"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.249420"},{"type":"FIX","url":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/acumos/design-studio","events":[{"introduced":"0"},{"fixed":"613b224f0fa6eeb47a69897fadb75655e15fa947"},{"fixed":"0df8a5e8722188744973168648e4c74c69ce67fd"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.8"}]}}],"versions":["0.0.29","0.0.31","1.40.2","2.1.0","3.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-25097.json","vanir_signatures_modified":"2026-04-11T14:54:41Z","vanir_signatures":[{"digest":{"function_hash":"105024058093844651907823343305318220301","length":937},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-37b68327","deprecated":false,"target":{"function":"fetchJsonTOSCA","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/ArtfactDetailsController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"threshold":0.9,"line_hashes":["113645984023277874122254864279695899810","316238837421169336157455237970590490941","170819091101600339199093165079510804425","212070714874105539969428416895612041101","190670652774707536015743824992047247877","12210398990974040460446484393214088218","107740023390613310658813217224292930034","165886538656248391257835800258243780368","165272081242141001856089547623936044005","178832002305837144003836161968643579818","86727581217184411438438213494909396002","91882562680408247242597760987337259255"]},"signature_version":"v1","signature_type":"Line","id":"CVE-2018-25097-68de23c2","deprecated":false,"target":{"file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/ArtfactDetailsController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"17922304626923661295334352339296876205","length":848},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-6b483e9c","deprecated":false,"target":{"function":"modifyLink","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"251096607023395650802731915350857275423","length":964},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-6b7fbac5","deprecated":false,"target":{"function":"deleteCompositeSolution","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"145823337962805772319061507040485037508","length":1912},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-72afa825","deprecated":false,"target":{"function":"addLink","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"threshold":0.9,"line_hashes":["83239913781376577806394596312387716294","179461433722511213891951571779378715664","293800877231065797227782573378464043710","5152451688114631182867383445429764019","143333140356147977408294746894529584383","148336814910727257358268417957176239353","11883405404130728948646270082658930988","315027267766839897838264164937338492170","201984412353296968028720103734798838005","82431754528584255932691278839278327028","196784434787579496797530480105502922303","54268908724352758032711217191881247740","236265066593091078356086677348261826959","220858993542240406545827814095626010513","153405321659304751780667391425380587134","317059401328896987491039916209401048435","334346146297072724395349764775367760638","5671111310825851467294472982046511812","54766008886407948261431244207096482714","60185937130775226765152350134139009635","228938915396016565287189485874578390950","77008172754667438075155601675900914034","31658139571411004896852290208134079237","144880477437831998974265267167278140951","5766748875039838934483489841561430665","143598734380602966132708388626729357966","183465182480378829881772548035568588660","255550050580303756546791082598901327462","64825143786743799150219164262715305505","6394421841007827977311611240845663320","290289576139557406583075077407289970609","256673256850497771089914328614114209733","247853016185513443827264831759797595268","37847468887830376027021418195662026133","233869104704484082632873996845166696898","332899651117731150550592694048847375522","167204215417998090111709758298925328299","15322004286043571631569438296408752457","43647773445241928007991622778755853381","212148883601840517946426855861122888843","135713059071508619847669979763261479149","22889242704376823299696579783477993351","209372263775163930100887898242189145668","37739296038326787547008598865530373178","278605115545426942312979982422264986072","19238336461782706943756044110888089847","289325869344174933252811020333962454678","224942355194496928192352427642552492978","53392316477705520622153934819553099460","120691166880500513811157507647097173815","12971268782730088927948437467753385648","284811198318948301295934517594097608685","159516355948577496109197974121280146656","313166497090079467204058765998222933264","297517329494718261292524585046929524320","13556346557732779593632251213835400891"]},"signature_version":"v1","signature_type":"Line","id":"CVE-2018-25097-757906e7","deprecated":false,"target":{"file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"14939615453622338352221894776978948026","length":933},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-7ce64fd7","deprecated":false,"target":{"function":"validateCompositeSolution","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"298861183933991670154409557458275425816","length":896},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-831eae06","deprecated":false,"target":{"function":"setProbeIndicator","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"291067216048774192689980927629829502170","length":739},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-8581b6d3","deprecated":false,"target":{"function":"closeCompositeSolution","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"190796728966535549201534109017785976823","length":2197},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-a7b41f19","deprecated":false,"target":{"function":"saveCompositeSolution","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"238562282518729171393793706937517394281","length":1164},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-b49929c9","deprecated":false,"target":{"function":"deleteNode","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"205687565133037433029437858585079871922","length":1166},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-b6264155","deprecated":false,"target":{"function":"deleteLink","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"80025896930333715110074561334246077681","length":1015},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-ca1e8785","deprecated":false,"target":{"function":"addNode","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"46169237412282626299046417512208187591","length":739},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-ee5d2eec","deprecated":false,"target":{"function":"clearCompositeSolution","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"215611351738188787087355981640127210409","length":639},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-f66d0336","deprecated":false,"target":{"function":"readCompositeSolutionGraph","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"266491471348810435470230501089771270129","length":1017},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-f8184e7d","deprecated":false,"target":{"function":"fetchProtoBufJSON","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/ArtfactDetailsController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"},{"digest":{"function_hash":"292823394516144764535144537409149529490","length":1417},"signature_version":"v1","signature_type":"Function","id":"CVE-2018-25097-f820ed36","deprecated":false,"target":{"function":"modifyNode","file":"ds-compositionengine/src/main/java/org/acumos/designstudio/ce/controller/SolutionController.java"},"source":"https://github.com/acumos/design-studio/commit/0df8a5e8722188744973168648e4c74c69ce67fd"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}