
11 vulnerabilities found for h-sphere by parallels

VAR-200903-0100

Vulnerability from variot - Updated: 2024-02-13 22:22

Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters. H-Sphere is prone to these cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. H-Sphere 3.0.0 Patch 9 and 3.1 Patch 1 are vulnerable; other versions may also be affected.



TITLE: H-Sphere webshell4 "login.php" Cross-Site Scripting

SECUNIA ADVISORY ID: SA31830

VERIFY ADVISORY: http://secunia.com/advisories/31830/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

WHERE:

From remote

SOFTWARE: H-Sphere 3.x http://secunia.com/advisories/product/19894/

DESCRIPTION: t0fx has reported two vulnerabilities in H-Sphere, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "err" and "login" parameters in webshell4's login.php script is not properly sanitised before being returned to the user.

The vulnerabilities are reported in versions 3.0.0 P9 and 3.1 P1.

SOLUTION: Filter malicious characters and character sequences in a web proxy.

PROVIDED AND/OR DISCOVERED BY: t0fx. Additional information from Peter M. Abraham.

ORIGINAL ADVISORY: http://www.xssing.com/index.php?x=3&y=65


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.





{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200903-0100",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "h-sphere",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "parallels",
        "version": "3.1"
      },
      {
        "model": "h-sphere",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "parallels",
        "version": "3.0.0"
      },
      {
        "model": "h-sphere",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "parallels",
        "version": "3.0.0 p9 and  3.1 p1"
      },
      {
        "model": "h-sphere patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "3.11"
      },
      {
        "model": "h-sphere patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "3.09"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "31256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-251"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-6465"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:parallels:h-sphere:3.0.0:p9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:parallels:h-sphere:3.1:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-6465"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "t0fx",
    "sources": [
      {
        "db": "BID",
        "id": "31256"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2008-6465",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2008-6465",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-6465",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200903-251",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2008-6465",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-6465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-251"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-6465"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters. (1) err Parameters (2) errorcode Parameters (3) login Parameters. H-Sphere is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nH-Sphere 3.0.0 Patch 9 and 3.1 Patch 1 are vulnerable; other versions may also be affected. ----------------------------------------------------------------------\n\nDo you need accurate and reliable IDS / IPS / AV detection rules?\n\nGet in-depth vulnerability details:\nhttp://secunia.com/binary_analysis/sample_analysis/\n\n----------------------------------------------------------------------\n\nTITLE:\nH-Sphere webshell4 \"login.php\" Cross-Site Scripting\n\nSECUNIA ADVISORY ID:\nSA31830\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/31830/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nH-Sphere 3.x\nhttp://secunia.com/advisories/product/19894/\n\nDESCRIPTION:\nt0fx has reported two vulnerabilities in H-Sphere, which can be\nexploited by malicious people to conduct cross-site scripting\nattacks. \n\nInput passed to the \"err\" and \"login\" parameters in webshell4\u0027s\nlogin.php script is not properly sanitised before being returned to\nthe user. \n\nThe vulnerabilities are reported in versions 3.0.0 P9 and 3.1 P1. \n\nSOLUTION:\nFilter malicious characters and character sequences in a web proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nt0fx. Additional information from Peter M. Abraham. 
\n\nORIGINAL ADVISORY:\nhttp://www.xssing.com/index.php?x=3\u0026y=65\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-6465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004208"
      },
      {
        "db": "BID",
        "id": "31256"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-6465"
      },
      {
        "db": "PACKETSTORM",
        "id": "70138"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-6465",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "31256",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "31830",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "48232",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004208",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "45254",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "4",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "45252",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-251",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-6465",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "70138",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-6465"
      },
      {
        "db": "BID",
        "id": "31256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004208"
      },
      {
        "db": "PACKETSTORM",
        "id": "70138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-251"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-6465"
      }
    ]
  },
  "id": "VAR-200903-0100",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.33333334
  },
  "last_update_date": "2024-02-13T22:22:42.552000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "H-Sphere",
        "trust": 0.8,
        "url": "http://www.parallels.com/jp/products/hsphere/"
      },
      {
        "title": "Kenzer Templates [5170] [DEPRECATED]",
        "trust": 0.1,
        "url": "https://github.com/arpsyndicate/kenzer-templates "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-6465"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004208"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004208"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-6465"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.xssing.com/index.php?x=3\u0026y=65"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31830"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/31256"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/48232"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45254"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45252"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6465"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6465"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/45254"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/45252"
      },
      {
        "trust": 0.3,
        "url": "http://www.parallels.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/arpsyndicate/kenzer-templates"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/19894/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/binary_analysis/sample_analysis/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31830/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-6465"
      },
      {
        "db": "BID",
        "id": "31256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004208"
      },
      {
        "db": "PACKETSTORM",
        "id": "70138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-251"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-6465"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2008-6465"
      },
      {
        "db": "BID",
        "id": "31256"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004208"
      },
      {
        "db": "PACKETSTORM",
        "id": "70138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-251"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-6465"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-03-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2008-6465"
      },
      {
        "date": "2008-09-19T00:00:00",
        "db": "BID",
        "id": "31256"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004208"
      },
      {
        "date": "2008-09-20T18:41:02",
        "db": "PACKETSTORM",
        "id": "70138"
      },
      {
        "date": "2009-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200903-251"
      },
      {
        "date": "2009-03-13T10:30:00.577000",
        "db": "NVD",
        "id": "CVE-2008-6465"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2008-6465"
      },
      {
        "date": "2015-05-07T17:23:00",
        "db": "BID",
        "id": "31256"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-004208"
      },
      {
        "date": "2009-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200903-251"
      },
      {
        "date": "2017-08-17T01:29:19.160000",
        "db": "NVD",
        "id": "CVE-2008-6465"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-251"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Parallels H-Sphere of  webshell4 Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-004208"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "70138"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200903-251"
      }
    ],
    "trust": 0.7
  }
}

VAR-201209-0281

Vulnerability from variot - Updated: 2023-12-18 13:44

Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html. Parallels H-Sphere offers multi-server host automation solutions for Linux, BSD and Windows platforms. A cross-site request forgery vulnerability exists in Parallels H-Sphere. It allows an attacker to build a malicious URI, entice a user to open it, and perform malicious actions in the target user's context. H-Sphere includes its own control panels, automated billing, and provisioning solution in a single integrated system. It is scalable to any number of boxes — more Web, mail, database, and Windows hosting servers can be added without downtime.

Abstract:

A Vulnerability Laboratory researcher discovered multiple persistent cross-site scripting vulnerabilities in Parallels H-Sphere 3.3 Patch1.

Report-Timeline:

2012-01-22: Public or Non-Public Disclosure

Status:

Published

Exploitation-Technique:

Remote

Severity:

Medium

Details:

Multiple persistent cross-site scripting vulnerabilities were detected in Parallels H-Sphere 3.3 Patch1. These vulnerabilities allow a remote attacker to hijack customer sessions via persistent cross-site scripting. Successful exploitation can result in account theft, client-side exploitation, or phishing and session hijacking. These bugs are located in the admin panel of Parallels H-Sphere 3.3 Patch1.

Vulnerable Module(s): [+] Group Module [+] Extra Package Module

Picture(s): ../1.png ../2.png

Proof of Concept:

The vulnerability can be exploited by remote attackers with high account privileges (mod/admin) and with required user interaction. For demonstration or reproduction ...

[Poc 1]

Open Link: http://demo.psoft.net/psoft/servlet/psoft.hsphere.CP/admin/1_0/psoft.hsphere.CP?template_name=admin/group_plans.html

choose admin post xss on Group Name: press add group. Result XSS!

[Poc 2] Open link: http://demo.psoft.net/psoft/servlet/psoft.hsphere.CP/admin/1_0/psoft.hsphere.CP?template_name=admin/extra_packs/create_extra_pack.html Extra Pack Name put xss code: Extra Package Prices set fee 1 recurrent fee 1 just click submit you will see result.

Risk:

The security risk of the persistent cross-site scripting vulnerabilities is estimated as medium(-).

Credits:

Vulnerability Research Laboratory - Ucha Gobejishvili (longrifle0x)

Disclaimer:

The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability- Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers.

                        Copyright © 2012|Vulnerability-Lab

-- Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com

. ----------------------------------------------------------------------



TITLE: Parallels H-Sphere Cross-Site Request Forgery Vulnerability

SECUNIA ADVISORY ID: SA47556

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47556/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47556

RELEASE DATE: 2012-01-24

DISCUSS ADVISORY: http://secunia.com/advisories/47556/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/47556/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=47556

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Vulnerability Lab has reported a vulnerability in Parallels H-Sphere, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add extra packages and group plans and conduct script insertion attacks by tricking a logged in user into visiting a malicious web site.

The vulnerability is reported in version 3.3 Patch 1. Other versions may also be affected.

SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application.

ORIGINAL ADVISORY: http://www.vulnerability-lab.com/get_content.php?id=392

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.





{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201209-0281",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "h-sphere",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "parallels",
        "version": "3.3"
      },
      {
        "model": "h-sphere",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "parallels",
        "version": "3.3 patch 1"
      },
      {
        "model": "h-sphere patch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "parallels",
        "version": "3.31"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "h sphere",
        "version": "3.3"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5ca6248e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-5307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004516"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5004"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-414"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:parallels:h-sphere:3.3:p1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-5004"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "longrifle0x",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "108972"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2012-5004",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2012-5004",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "5ca6248e-2353-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-5004",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201209-414",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "5ca6248e-2353-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5ca6248e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004516"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5004"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-414"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html. Parallels H-Sphere offers multi-server host automation solutions for Linux, BSD and Windows platforms. A cross-site request forgery vulnerability exists in Parallels H-Sphere. Allows an attacker to build a malicious URI, entice a user to resolve, and perform malicious actions in the target user context. \nH-Sphere includes its own controls panels, automated billing, and provisioning solution in a single integrated \nsystem. It is scalable to any number of boxes \u2014 more Web, mail, database, and Windows hosting servers can be \nadded without downtime. \n\n\n\nAbstract:\n=========\nA Vulnerability Laboratory researcher discovered multiple persistant cross site scripting vulnerabilities on Parallels H-Sphere 3.3 Patch1. \n\n\nReport-Timeline:\n================\n2012-01-22: Public or Non-Public Disclosure\n\n\nStatus:\n========\nPublished\n\n\nExploitation-Technique:\n=======================\nRemote\n\n\nSeverity:\n=========\nMedium\n\n\nDetails:\n========\nMultiple persistant cross site scripting vulnerabilities where detected on Parallels H-Sphere 3.3 Patch1. \nThese vulnerabilities allow an remote attacker to hijack customer sessions via persistent cross site scripting. \nSuccessful exploitation can result in account steal, client side exploitation or phishing \u0026 session hijacking. \nThese bugs are located on the admin panel of Parallels H-Sphere 3.3 Patch1. 
\n\nVulnerbale Module(s):\n                                                                    [+] Group Module\n                                                                    [+] Extra Package Module\n\nPicture(s):\n                                                                    ../1.png\n                                                                    ../2.png\n\n\nProof of Concept:\n=================\nThe vulnerability can be exploited by remote attackers with high account privileges(mod/admin) \u0026 required user inter action. \nFor demonstration or reproduce ... \n\n[Poc 1]\n\nOpen Link: http://demo.psoft.net/psoft/servlet/psoft.hsphere.CP/admin/1_0/psoft.hsphere.CP?template_name=admin/group_plans.html\n\nchoose admin\npost xss on Group Name: \u003cIFRAME SRC=\"javascript:alert(\u0027XSS\u0027);\"\u003e\u003c/IFRAME\u003e press add group. Result XSS!\n\n[Poc 2]\nOpen link: http://demo.psoft.net/psoft/servlet/psoft.hsphere.CP/admin/1_0/psoft.hsphere.CP?template_name=admin/extra_packs/create_extra_pack.html\nExtra Pack Name put xss code: \u003cIFRAME SRC=\"javascript:alert(\u0027XSS\u0027);\"\u003e\u003c/IFRAME\u003e\nExtra Package Prices set fee 1 recurrent fee 1 just click submit you will see result. \n\n\n\nRisk:\n=====\nThe security risk of the persistant cross site scripting vulnerabilities are estimated as medium(-). \n\n\nCredits:\n========\nVulnerability Research Laboratory - Ucha Gobejishvili (longrifle0x)\n\n\nDisclaimer:\n===========\nThe information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, \neither expressed or implied, including the warranties of merchantability and capability for a particular purpose. 
Vulnerability-\nLab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business \nprofits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some \nstates do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation \nmay not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-\nLab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of \nother media, are reserved by Vulnerability-Lab or its suppliers. \n\n    \t\t\t\t\t\tCopyright \u00a9 2012|Vulnerability-Lab\n\n\n\n\n-- \nWebsite: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com\nContact: admin@vulnerability-lab.com or support@vulnerability-lab.com\n\n. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nParallels H-Sphere Cross-Site Request Forgery Vulnerability\n\nSECUNIA ADVISORY ID:\nSA47556\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47556/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47556\n\nRELEASE DATE:\n2012-01-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47556/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47556/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * 
Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47556\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nVulnerability Lab has reported a vulnerability in Parallels H-Sphere,\nwhich can be exploited by malicious people to conduct cross-site\nrequest forgery attacks. \n\nThe application\u0027s web interface allows users to perform certain\nactions via HTTP requests without performing any validity checks to\nverify the requests. This can be exploited to e.g. add extra packages\nand group plans and conduct script insertion attacks by tricking a\nlogged in user into visiting a malicious web site. \n\nThe vulnerability is reported in version 3.3 Patch 1. Other versions\nmay also be affected. \n\nSOLUTION:\nDo not browse untrusted websites or follow untrusted links while\nlogged in to the application. \n\nORIGINAL ADVISORY:\nhttp://www.vulnerability-lab.com/get_content.php?id=392\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-5004"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004516"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-5307"
      },
      {
        "db": "IVD",
        "id": "5ca6248e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "108972"
      },
      {
        "db": "PACKETSTORM",
        "id": "109047"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-5004",
        "trust": 3.2
      },
      {
        "db": "SECUNIA",
        "id": "47556",
        "trust": 2.3
      },
      {
        "db": "PACKETSTORM",
        "id": "108972",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "78505",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-5307",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-414",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004516",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "72628",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "5CA6248E-2353-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "109047",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5ca6248e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-5307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004516"
      },
      {
        "db": "PACKETSTORM",
        "id": "108972"
      },
      {
        "db": "PACKETSTORM",
        "id": "109047"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5004"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-414"
      }
    ]
  },
  "id": "VAR-201209-0281",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "5ca6248e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-5307"
      }
    ],
    "trust": 1.13333334
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5ca6248e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-5307"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:44:38.519000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Parallels H-Sphere",
        "trust": 0.8,
        "url": "http://www.parallels.com/jp/products/hsphere/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004516"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004516"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5004"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.vulnerability-lab.com/get_content.php?id=392"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/78505"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.org/files/view/108972/vl-392.txt"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/47556"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5004"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5004"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/47556http"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/72628"
      },
      {
        "trust": 0.1,
        "url": "http://demo.psoft.net/psoft/servlet/psoft.hsphere.cp/admin/1_0/psoft.hsphere.cp?template_name=admin/group_plans.html"
      },
      {
        "trust": 0.1,
        "url": "http://demo.psoft.net/psoft/servlet/psoft.hsphere.cp/admin/1_0/psoft.hsphere.cp?template_name=admin/extra_packs/create_extra_pack.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/company/jobs/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/47556/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/47556/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47556"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-5307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004516"
      },
      {
        "db": "PACKETSTORM",
        "id": "108972"
      },
      {
        "db": "PACKETSTORM",
        "id": "109047"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5004"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-414"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "5ca6248e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-5307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004516"
      },
      {
        "db": "PACKETSTORM",
        "id": "108972"
      },
      {
        "db": "PACKETSTORM",
        "id": "109047"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5004"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-414"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-09-21T00:00:00",
        "db": "IVD",
        "id": "5ca6248e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-09-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-5307"
      },
      {
        "date": "2012-09-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-004516"
      },
      {
        "date": "2012-01-23T16:23:31",
        "db": "PACKETSTORM",
        "id": "108972"
      },
      {
        "date": "2012-01-24T01:28:43",
        "db": "PACKETSTORM",
        "id": "109047"
      },
      {
        "date": "2012-09-19T21:55:07.750000",
        "db": "NVD",
        "id": "CVE-2012-5004"
      },
      {
        "date": "2012-09-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201209-414"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-09-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-5307"
      },
      {
        "date": "2012-09-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-004516"
      },
      {
        "date": "2017-08-29T01:32:27.603000",
        "db": "NVD",
        "id": "CVE-2012-5004"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201209-414"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-414"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Parallels H-Sphere Cross-Site Request Forgery Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "5ca6248e-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-5307"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-414"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2022-30777

Vulnerability from fkie_nvd - Published: 2022-05-16 14:15 - Updated: 2024-11-21 07:03

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:parallels:h-sphere:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AC05754-84BF-4A3A-A5F9-E91EE493719A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter."
    },
    {
      "lang": "es",
      "value": "Parallels H-Sphere versi\u00f3n 3.6.1713 permite un ataque de tipo XSS por medio del par\u00e1metro index_en.php from"
    }
  ],
  "id": "CVE-2022-30777",
  "lastModified": "2024-11-21T07:03:21.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-16T14:15:08.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://en.wikipedia.org/wiki/H-Sphere"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40bhattronit96/cve-2022-30777-45725763ab59"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://en.wikipedia.org/wiki/H-Sphere"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40bhattronit96/cve-2022-30777-45725763ab59"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-5004

Vulnerability from fkie_nvd - Published: 2012-09-19 21:55 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:parallels:h-sphere:3.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "5907D443-9510-4B7D-A895-24E3AE8DABCE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Parallels H-Sphere v3.3 Patch 1, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para peticiones que (1) a\u00f1ade planes de grupo a trav\u00e9s admin/group_plans.html o (2) a\u00f1adir paquetes estra a trav\u00e9s de admin/extra_packs/create_extra_pack.html."
    }
  ],
  "id": "CVE-2012-5004",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-19T21:55:07.750",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/78505"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/view/108972/VL-392.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vulnerability-lab.com/get_content.php?id=392"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/78505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/view/108972/VL-392.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vulnerability-lab.com/get_content.php?id=392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-6465

Vulnerability from fkie_nvd - Published: 2009-03-13 10:30 - Updated: 2025-04-09 00:30

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:parallels:h-sphere:3.0.0:p9:*:*:*:*:*:*",
              "matchCriteriaId": "8EEFBEDF-95BE-4D85-9DA5-A0B512D1D85F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parallels:h-sphere:3.1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "314ED98D-F033-4096-895F-ACBFCB916974",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en login.php en webshell4 en Parallels H-Sphere 3.0.0 P9 y el 3.1 P1 permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a trav\u00e9s de los par\u00e1metros (1) err, (2) errorcode, y (3) login."
    }
  ],
  "id": "CVE-2008-6465",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-03-13T10:30:00.577",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/48232"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31830"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31256"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.xssing.com/index.php?x=3\u0026y=65"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45252"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/48232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.xssing.com/index.php?x=3\u0026y=65"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45254"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-30777 (GCVE-0-2022-30777)

Vulnerability from cvelistv5 – Published: 2022-05-16 13:38 – Updated: 2024-08-03 06:56
Summary
Parallels H-Sphere 3.6.1713 allows XSS via the "from" parameter of index_en.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:14.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://en.wikipedia.org/wiki/H-Sphere"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40bhattronit96/cve-2022-30777-45725763ab59"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-20T11:25:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://en.wikipedia.org/wiki/H-Sphere"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40bhattronit96/cve-2022-30777-45725763ab59"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-30777",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://en.wikipedia.org/wiki/H-Sphere",
              "refsource": "MISC",
              "url": "https://en.wikipedia.org/wiki/H-Sphere"
            },
            {
              "name": "https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59",
              "refsource": "MISC",
              "url": "https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-30777",
    "datePublished": "2022-05-16T13:38:07",
    "dateReserved": "2022-05-16T00:00:00",
    "dateUpdated": "2024-08-03T06:56:14.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5004 (GCVE-0-2012-5004)

Vulnerability from cvelistv5 – Published: 2012-09-19 21:00 – Updated: 2024-08-06 20:50
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:18.271Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "78505",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/78505"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/view/108972/VL-392.txt"
          },
          {
            "name": "47556",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47556"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vulnerability-lab.com/get_content.php?id=392"
          },
          {
            "name": "parallelshsphere-multiple-xss(72628)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "78505",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/78505"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/view/108972/VL-392.txt"
        },
        {
          "name": "47556",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47556"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vulnerability-lab.com/get_content.php?id=392"
        },
        {
          "name": "parallelshsphere-multiple-xss(72628)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5004",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "78505",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/78505"
            },
            {
              "name": "http://packetstormsecurity.org/files/view/108972/VL-392.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/view/108972/VL-392.txt"
            },
            {
              "name": "47556",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/47556"
            },
            {
              "name": "http://www.vulnerability-lab.com/get_content.php?id=392",
              "refsource": "MISC",
              "url": "http://www.vulnerability-lab.com/get_content.php?id=392"
            },
            {
              "name": "parallelshsphere-multiple-xss(72628)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5004",
    "datePublished": "2012-09-19T21:00:00",
    "dateReserved": "2012-09-19T00:00:00",
    "dateUpdated": "2024-08-06T20:50:18.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-6465 (GCVE-0-2008-6465)

Vulnerability from cvelistv5 – Published: 2009-03-13 10:00 – Updated: 2024-08-07 11:34
Summary
Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.xssing.com/index.php?x=3&y=65 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/45252 vdb-entry, x_refsource_XF
http://secunia.com/advisories/31830 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/31256 vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/45254 vdb-entry, x_refsource_XF
http://osvdb.org/48232 vdb-entry, x_refsource_OSVDB

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:34:45.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.xssing.com/index.php?x=3\u0026y=65"
          },
          {
            "name": "hsphere-webshell4-login-xss(45252)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45252"
          },
          {
            "name": "31830",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31830"
          },
          {
            "name": "31256",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31256"
          },
          {
            "name": "hsphere-webshell4-errorcode-err-xss(45254)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45254"
          },
          {
            "name": "48232",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/48232"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.xssing.com/index.php?x=3\u0026y=65"
        },
        {
          "name": "hsphere-webshell4-login-xss(45252)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45252"
        },
        {
          "name": "31830",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31830"
        },
        {
          "name": "31256",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31256"
        },
        {
          "name": "hsphere-webshell4-errorcode-err-xss(45254)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45254"
        },
        {
          "name": "48232",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/48232"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6465",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.xssing.com/index.php?x=3\u0026y=65",
              "refsource": "MISC",
              "url": "http://www.xssing.com/index.php?x=3\u0026y=65"
            },
            {
              "name": "hsphere-webshell4-login-xss(45252)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45252"
            },
            {
              "name": "31830",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31830"
            },
            {
              "name": "31256",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31256"
            },
            {
              "name": "hsphere-webshell4-errorcode-err-xss(45254)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45254"
            },
            {
              "name": "48232",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/48232"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6465",
    "datePublished": "2009-03-13T10:00:00",
    "dateReserved": "2009-03-13T00:00:00",
    "dateUpdated": "2024-08-07T11:34:45.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-30777 (GCVE-0-2022-30777)

Vulnerability from nvd – Published: 2022-05-16 13:38 – Updated: 2024-08-03 06:56
Summary
Parallels H-Sphere 3.6.1713 allows XSS via the "from" parameter of index_en.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:14.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://en.wikipedia.org/wiki/H-Sphere"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40bhattronit96/cve-2022-30777-45725763ab59"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-20T11:25:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://en.wikipedia.org/wiki/H-Sphere"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40bhattronit96/cve-2022-30777-45725763ab59"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-30777",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://en.wikipedia.org/wiki/H-Sphere",
              "refsource": "MISC",
              "url": "https://en.wikipedia.org/wiki/H-Sphere"
            },
            {
              "name": "https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59",
              "refsource": "MISC",
              "url": "https://medium.com/@bhattronit96/cve-2022-30777-45725763ab59"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-30777",
    "datePublished": "2022-05-16T13:38:07",
    "dateReserved": "2022-05-16T00:00:00",
    "dateUpdated": "2024-08-03T06:56:14.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5004 (GCVE-0-2012-5004)

Vulnerability from nvd – Published: 2012-09-19 21:00 – Updated: 2024-08-06 20:50
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:18.271Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "78505",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/78505"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/view/108972/VL-392.txt"
          },
          {
            "name": "47556",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/47556"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vulnerability-lab.com/get_content.php?id=392"
          },
          {
            "name": "parallelshsphere-multiple-xss(72628)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "78505",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/78505"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/view/108972/VL-392.txt"
        },
        {
          "name": "47556",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/47556"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vulnerability-lab.com/get_content.php?id=392"
        },
        {
          "name": "parallelshsphere-multiple-xss(72628)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5004",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "78505",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/78505"
            },
            {
              "name": "http://packetstormsecurity.org/files/view/108972/VL-392.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/view/108972/VL-392.txt"
            },
            {
              "name": "47556",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/47556"
            },
            {
              "name": "http://www.vulnerability-lab.com/get_content.php?id=392",
              "refsource": "MISC",
              "url": "http://www.vulnerability-lab.com/get_content.php?id=392"
            },
            {
              "name": "parallelshsphere-multiple-xss(72628)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5004",
    "datePublished": "2012-09-19T21:00:00",
    "dateReserved": "2012-09-19T00:00:00",
    "dateUpdated": "2024-08-06T20:50:18.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-6465 (GCVE-0-2008-6465)

Vulnerability from nvd – Published: 2009-03-13 10:00 – Updated: 2024-08-07 11:34
Summary
Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.xssing.com/index.php?x=3&y=65 x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/45252 vdb-entry, x_refsource_XF
http://secunia.com/advisories/31830 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/31256 vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/45254 vdb-entry, x_refsource_XF
http://osvdb.org/48232 vdb-entry, x_refsource_OSVDB

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:34:45.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.xssing.com/index.php?x=3\u0026y=65"
          },
          {
            "name": "hsphere-webshell4-login-xss(45252)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45252"
          },
          {
            "name": "31830",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31830"
          },
          {
            "name": "31256",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31256"
          },
          {
            "name": "hsphere-webshell4-errorcode-err-xss(45254)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45254"
          },
          {
            "name": "48232",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/48232"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.xssing.com/index.php?x=3\u0026y=65"
        },
        {
          "name": "hsphere-webshell4-login-xss(45252)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45252"
        },
        {
          "name": "31830",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31830"
        },
        {
          "name": "31256",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31256"
        },
        {
          "name": "hsphere-webshell4-errorcode-err-xss(45254)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45254"
        },
        {
          "name": "48232",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/48232"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6465",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.xssing.com/index.php?x=3\u0026y=65",
              "refsource": "MISC",
              "url": "http://www.xssing.com/index.php?x=3\u0026y=65"
            },
            {
              "name": "hsphere-webshell4-login-xss(45252)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45252"
            },
            {
              "name": "31830",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31830"
            },
            {
              "name": "31256",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31256"
            },
            {
              "name": "hsphere-webshell4-errorcode-err-xss(45254)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45254"
            },
            {
              "name": "48232",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/48232"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6465",
    "datePublished": "2009-03-13T10:00:00",
    "dateReserved": "2009-03-13T00:00:00",
    "dateUpdated": "2024-08-07T11:34:45.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}