Search criteria

8 vulnerabilities found for rockmongo by rockmongo

CVE-2023-53938 (GCVE-0-2023-53938)

Vulnerability from nvd – Published: 2025-12-18 19:53 – Updated: 2025-12-18 21:47
VLAI?
Title
RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters
Summary
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute arbitrary JavaScript in victim's browser.
Severity ?
5.1 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
Vendor Product Version
iwind RockMongo Affected: 1.1.7
Create a notification for this product.
Credits
Rafael Pedrero
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-53938",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T21:03:40.231956Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T21:47:05.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.exploit-db.com/exploits/51437"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RockMongo",
          "vendor": "iwind",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.7"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rafael Pedrero"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute arbitrary JavaScript in victim\u0027s browser."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-18T19:53:34.159Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-51437",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/51437"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://github.com/iwind/rockmongo/"
        },
        {
          "name": "VulnCheck Advisory: RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/rockmongo-stored-cross-site-scripting-vulnerability-via-multiple-parameters"
        }
      ],
      "title": "RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2023-53938",
    "datePublished": "2025-12-18T19:53:34.159Z",
    "dateReserved": "2025-12-16T19:22:09.997Z",
    "dateUpdated": "2025-12-18T21:47:05.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2013-5107 (GCVE-0-2013-5107)

Vulnerability from nvd – Published: 2013-12-14 17:00 – Updated: 2024-08-06 16:59
VLAI?
Summary
Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:59:41.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-14T16:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5107",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5107",
    "datePublished": "2013-12-14T17:00:00",
    "dateReserved": "2013-08-12T00:00:00",
    "dateUpdated": "2024-08-06T16:59:41.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5108 (GCVE-0-2013-5108)

Vulnerability from nvd – Published: 2013-12-05 18:00 – Updated: 2024-08-06 16:59
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:59:41.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "rockmongo-cve20135108-xss(89366)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89366"
          },
          {
            "name": "55756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55756"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "rockmongo-cve20135108-xss(89366)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89366"
        },
        {
          "name": "55756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55756"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5108",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "rockmongo-cve20135108-xss(89366)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89366"
            },
            {
              "name": "55756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55756"
            },
            {
              "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5108",
    "datePublished": "2013-12-05T18:00:00",
    "dateReserved": "2013-08-12T00:00:00",
    "dateUpdated": "2024-08-06T16:59:41.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-53938 (GCVE-0-2023-53938)

Vulnerability from cvelistv5 – Published: 2025-12-18 19:53 – Updated: 2025-12-18 21:47
VLAI?
Title
RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters
Summary
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute arbitrary JavaScript in victim's browser.
Severity ?
5.1 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
Vendor Product Version
iwind RockMongo Affected: 1.1.7
Create a notification for this product.
Credits
Rafael Pedrero
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-53938",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T21:03:40.231956Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-18T21:47:05.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.exploit-db.com/exploits/51437"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RockMongo",
          "vendor": "iwind",
          "versions": [
            {
              "status": "affected",
              "version": "1.1.7"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rafael Pedrero"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute arbitrary JavaScript in victim\u0027s browser."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-18T19:53:34.159Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-51437",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/51437"
        },
        {
          "name": "Official Product Homepage",
          "tags": [
            "product"
          ],
          "url": "https://github.com/iwind/rockmongo/"
        },
        {
          "name": "VulnCheck Advisory: RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/rockmongo-stored-cross-site-scripting-vulnerability-via-multiple-parameters"
        }
      ],
      "title": "RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2023-53938",
    "datePublished": "2025-12-18T19:53:34.159Z",
    "dateReserved": "2025-12-16T19:22:09.997Z",
    "dateUpdated": "2025-12-18T21:47:05.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2013-5107 (GCVE-0-2013-5107)

Vulnerability from cvelistv5 – Published: 2013-12-14 17:00 – Updated: 2024-08-06 16:59
VLAI?
Summary
Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:59:41.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-14T16:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5107",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5107",
    "datePublished": "2013-12-14T17:00:00",
    "dateReserved": "2013-08-12T00:00:00",
    "dateUpdated": "2024-08-06T16:59:41.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5108 (GCVE-0-2013-5108)

Vulnerability from cvelistv5 – Published: 2013-12-05 18:00 – Updated: 2024-08-06 16:59
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:59:41.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "rockmongo-cve20135108-xss(89366)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89366"
          },
          {
            "name": "55756",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55756"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "rockmongo-cve20135108-xss(89366)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89366"
        },
        {
          "name": "55756",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55756"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-5108",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "rockmongo-cve20135108-xss(89366)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89366"
            },
            {
              "name": "55756",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55756"
            },
            {
              "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt",
              "refsource": "MISC",
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-5108",
    "datePublished": "2013-12-05T18:00:00",
    "dateReserved": "2013-08-12T00:00:00",
    "dateUpdated": "2024-08-06T16:59:41.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2013-5107

Vulnerability from fkie_nvd - Published: 2013-12-14 17:21 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php.
References
cve@mitre.orghttps://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txtExploit
af854a3a-2127-422b-91ae-364da2661108https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txtExploit
Impacted products
Vendor Product Version
rockmongo rockmongo *
rockmongo rockmongo 1.0
rockmongo rockmongo 1.0.1
rockmongo rockmongo 1.0.2
rockmongo rockmongo 1.0.3
rockmongo rockmongo 1.0.4
rockmongo rockmongo 1.0.5
rockmongo rockmongo 1.0.6
rockmongo rockmongo 1.0.7
rockmongo rockmongo 1.0.8
rockmongo rockmongo 1.0.9
rockmongo rockmongo 1.0.10
rockmongo rockmongo 1.0.11
rockmongo rockmongo 1.0.12
rockmongo rockmongo 1.1.1
rockmongo rockmongo 1.1.2
rockmongo rockmongo 1.1.3
rockmongo rockmongo 1.1.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07E63CA-DC1E-4C04-8894-38285D9FA3C6",
              "versionEndIncluding": "1.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60343CDA-3F7C-45F7-87BE-598596D687F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "098AE33E-6063-408F-B5E1-13A50596B941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50E327E-8247-4148-83EB-D7ABA22F8988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D574D727-4C70-49A9-BBF3-A401B8FD11D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B517EAA8-5AA6-4CBE-AEA8-8E166A3B8399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BBC287E-D5EF-4262-A51C-5AD3D7449EB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7C3ABC-7BAD-464C-AD4F-B561882ABC4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D54D8D4D-E3BC-4361-A562-C5E10686F1FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CAD3ED-BC22-4BF4-A8E2-E28E9A9D0C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "70AA3C05-4D64-4024-BD13-078750EA7465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9384F995-44B7-4DF5-BA94-CA868AE8E82F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A655F81A-ED7E-4B8A-8818-D5E20182CAB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC82766A-FC33-4147-8F2D-B4882F79F02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2506C1E-853E-4C65-9066-94208D1C0E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "115A04F6-57DC-4C94-9935-518700AA5143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E74AE8-CEEB-46E3-935D-CDEED7844249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB3867A1-256A-4EFE-9864-A41B4CEF3F03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in RockMongo 1.1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ROCK_LANG cookie, as demonstrated in a login.index action to index.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de recorrido de directorios en RockMongo 1.1.5 y anteriores permite a atacantes remotos leer archivos de forma arbitraria a trav\u00e9s de .. (punto punto) en la cookie ROCK_LANG, como fue demostrado en la acci\u00f3n login.index de index.php."
    }
  ],
  "id": "CVE-2013-5107",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-12-14T17:21:45.740",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-5108

Vulnerability from fkie_nvd - Published: 2013-12-05 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters.
References
cve@mitre.orghttp://secunia.com/advisories/55756Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/89366
cve@mitre.orghttps://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txtExploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55756Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/89366
af854a3a-2127-422b-91ae-364da2661108https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txtExploit
Impacted products
Vendor Product Version
rockmongo rockmongo *
rockmongo rockmongo 1.0
rockmongo rockmongo 1.0.1
rockmongo rockmongo 1.0.2
rockmongo rockmongo 1.0.3
rockmongo rockmongo 1.0.4
rockmongo rockmongo 1.0.5
rockmongo rockmongo 1.0.6
rockmongo rockmongo 1.0.7
rockmongo rockmongo 1.0.8
rockmongo rockmongo 1.0.9
rockmongo rockmongo 1.0.10
rockmongo rockmongo 1.0.11
rockmongo rockmongo 1.0.12
rockmongo rockmongo 1.1.1
rockmongo rockmongo 1.1.2
rockmongo rockmongo 1.1.3
rockmongo rockmongo 1.1.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07E63CA-DC1E-4C04-8894-38285D9FA3C6",
              "versionEndIncluding": "1.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60343CDA-3F7C-45F7-87BE-598596D687F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "098AE33E-6063-408F-B5E1-13A50596B941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B50E327E-8247-4148-83EB-D7ABA22F8988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D574D727-4C70-49A9-BBF3-A401B8FD11D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B517EAA8-5AA6-4CBE-AEA8-8E166A3B8399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BBC287E-D5EF-4262-A51C-5AD3D7449EB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7C3ABC-7BAD-464C-AD4F-B561882ABC4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D54D8D4D-E3BC-4361-A562-C5E10686F1FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CAD3ED-BC22-4BF4-A8E2-E28E9A9D0C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "70AA3C05-4D64-4024-BD13-078750EA7465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9384F995-44B7-4DF5-BA94-CA868AE8E82F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A655F81A-ED7E-4B8A-8818-D5E20182CAB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC82766A-FC33-4147-8F2D-B4882F79F02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2506C1E-853E-4C65-9066-94208D1C0E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "115A04F6-57DC-4C94-9935-518700AA5143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E74AE8-CEEB-46E3-935D-CDEED7844249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rockmongo:rockmongo:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB3867A1-256A-4EFE-9864-A41B4CEF3F03",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en la funci\u00f3n xn en RockMongo 1.1.5 y anteriores permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de (1) el par\u00e1metro db en la p\u00e1gina de login o (2) el par\u00e1metro username en una acci\u00f3n login.index a index.php y otros par\u00e1metros no especificados."
    }
  ],
  "id": "CVE-2013-5108",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-12-05T18:55:12.080",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55756"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89366"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-026.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}