Search criteria
4 vulnerabilities found for bf-660c by chiyutw
VAR-201508-0309
Vulnerability from variot - Updated: 2023-12-18 12:20Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. Chiyu BF-630, BF-630W and BF-660C are products of Chiyu. Both the BF-630 and BF-630W are networked fingerprint access controllers. BF-660C is a network type fingerprint access control attendance machine. An attacker could leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or generate authentication credentials to impersonate legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bf-630w",
"scope": "eq",
"trust": 1.6,
"vendor": "chiyutw",
"version": null
},
{
"model": "bf-630",
"scope": "eq",
"trust": 1.6,
"vendor": "chiyutw",
"version": null
},
{
"model": "bf-660c",
"scope": "eq",
"trust": 1.6,
"vendor": "chiyutw",
"version": null
},
{
"model": "bf-660c",
"scope": null,
"trust": 1.4,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-630w",
"scope": null,
"trust": 1.4,
"vendor": "chiyu",
"version": null
},
{
"model": "bf-630",
"scope": null,
"trust": 1.4,
"vendor": "chiyu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "chiyu",
"version": null
},
{
"model": "technology bf-660c",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
},
{
"model": "technology bf-630w",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
},
{
"model": "technology bf-630",
"scope": "eq",
"trust": 0.3,
"vendor": "chiyu",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:chiyutw:bf-630:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:chiyutw:bf-630w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:chiyutw:bf-660c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "76140"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-2870",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05125",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2870",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-05125",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-842",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. Chiyu BF-630, BF-630W and BF-660C are products of Chiyu. Both the BF-630 and BF-630W are networked fingerprint access controllers. BF-660C is a network type fingerprint access control attendance machine. \nAn attacker could leverage these issues to gain unauthorized access to the affected application, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or generate authentication credentials to impersonate legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2870"
},
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#360431",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2015-2870",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU91647568",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05125",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842",
"trust": 0.6
},
{
"db": "BID",
"id": "76140",
"trust": 0.3
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
]
},
"id": "VAR-201508-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05125"
}
],
"trust": 1.3476190433333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05125"
}
]
},
"last_update_date": "2023-12-18T12:20:47.016000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product Gallery",
"trust": 0.8,
"url": "http://www.chiyu-t.com.tw/pdt_list.asp?area=46\u0026cat=151"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/360431"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/80.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/288.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2870"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91647568/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2870"
},
{
"trust": 0.3,
"url": "http://www.chiyu-t.com.tw"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#360431"
},
{
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"db": "BID",
"id": "76140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"db": "NVD",
"id": "CVE-2015-2870"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#360431"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"date": "2015-07-31T00:00:00",
"db": "BID",
"id": "76140"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"date": "2015-08-01T01:59:11.943000",
"db": "NVD",
"id": "CVE-2015-2870"
},
{
"date": "2015-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-31T00:00:00",
"db": "CERT/CC",
"id": "VU#360431"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05125"
},
{
"date": "2015-07-31T00:00:00",
"db": "BID",
"id": "76140"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003958"
},
{
"date": "2015-08-03T18:37:25.767000",
"db": "NVD",
"id": "CVE-2015-2870"
},
{
"date": "2015-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chiyu Technology fingerprint access control contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#360431"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-842"
}
],
"trust": 0.6
}
}
FKIE_CVE-2015-2870
Vulnerability from fkie_nvd - Published: 2015-08-01 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/360431 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/360431 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:chiyutw:bf-630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5552984-C8CD-4517-B122-7481A76329CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:chiyutw:bf-630w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49819666-20C3-46EB-99C2-BD383418330E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:chiyutw:bf-660c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67982F3F-AD14-49D6-B05A-ADE1212D3DB7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en dispositivos de control de acceso por huella dactilar Chiyu BF-603, BF-60W y BF-660C, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un elemento SCRIPT."
}
],
"id": "CVE-2015-2870",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-08-01T01:59:11.943",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/360431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/360431"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-2870 (GCVE-0-2015-2870)
Vulnerability from cvelistv5 – Published: 2015-08-01 01:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#360431",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/360431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-01T01:57:02",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#360431",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/360431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#360431",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/360431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2870",
"datePublished": "2015-08-01T01:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2870 (GCVE-0-2015-2870)
Vulnerability from nvd – Published: 2015-08-01 01:00 – Updated: 2024-08-06 05:32
VLAI?
Summary
Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#360431",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/360431"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-01T01:57:02",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#360431",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/360431"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-2870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#360431",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/360431"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2870",
"datePublished": "2015-08-01T01:00:00",
"dateReserved": "2015-04-03T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}