VAR-200604-0404
Vulnerability from variot - Updated: 2023-12-18 13:49Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200604-0404",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "groupmax world wide web",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "3"
},
{
"model": "groupmax world wide web scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "2"
},
{
"model": "groupmax world wide web scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "3"
},
{
"model": "groupmax world wide web desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "5"
},
{
"model": "groupmax world wide web desktop",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "6"
},
{
"model": "groupmax world wide web desktop scheduler",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "5"
},
{
"model": "groupmax world wide web",
"scope": "eq",
"trust": 1.6,
"vendor": "hitachi",
"version": "2"
},
{
"model": "groupmax world wide web desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "world wide web hitachi",
"scope": "eq",
"trust": 0.6,
"vendor": "groupmax",
"version": "2"
},
{
"model": "world wide web hitachi",
"scope": "eq",
"trust": 0.6,
"vendor": "groupmax",
"version": "3"
},
{
"model": "groupmax world wide web desktop",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web for scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-11"
},
{
"model": "groupmax world wide web for scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10"
},
{
"model": "groupmax world wide web for scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "groupmax world wide web for scheduler 02-31-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web for scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-20"
},
{
"model": "groupmax world wide web for scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-10"
},
{
"model": "groupmax world wide web for scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-00"
},
{
"model": "groupmax world wide web desktop for scheduler 05-11-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop for scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-11"
},
{
"model": "groupmax world wide web desktop for scheduler",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-00"
},
{
"model": "groupmax world wide web desktop for jichitai 06-52-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop for jichitai",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-52"
},
{
"model": "groupmax world wide web desktop for jichitai",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-51"
},
{
"model": "groupmax world wide web desktop 06-52-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop 06-52-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop 06-52-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-52"
},
{
"model": "groupmax world wide web desktop 06-51-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop 06-51-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-51"
},
{
"model": "groupmax world wide web desktop 06-50-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop 06-50-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00"
},
{
"model": "groupmax world wide web desktop 05-11-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop 05-11-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop 05-11-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-00"
},
{
"model": "groupmax world wide web 03-11-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web 03-10-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "groupmax world wide web 02-31-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web 02-31-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web 02-20-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-20"
},
{
"model": "groupmax world wide web",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-10"
},
{
"model": "groupmax world wide web",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-00"
},
{
"model": "groupmax world wide web desktop 06-52-/f",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"model": "groupmax world wide web 06-52-/f",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-1972"
},
{
"db": "BID",
"id": "17337"
},
{
"db": "NVD",
"id": "CVE-2006-1574"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-521"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachi:groupmax_world_wide_web:3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:groupmax_world_wide_web_desktop:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:groupmax_world_wide_web_desktop_scheduler:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:groupmax_world_wide_web_scheduler:2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:groupmax_world_wide_web:2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:groupmax_world_wide_web_scheduler:3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:groupmax_world_wide_web_desktop:5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:groupmax_world_wide_web_desktop:6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1574"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "17337"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-521"
}
],
"trust": 0.9
},
"cve": "CVE-2006-1574",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2006-1972",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-1574",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2006-1972",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200603-521",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-1972"
},
{
"db": "NVD",
"id": "CVE-2006-1574"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-521"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. This issue is due to a failure in the application to properly sanitize user-supplied input. \nAn attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1574"
},
{
"db": "CNVD",
"id": "CNVD-2006-1972"
},
{
"db": "BID",
"id": "17337"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "17337",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2006-1574",
"trust": 2.2
},
{
"db": "HITACHI",
"id": "HS06-005",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "19483",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "24295",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-1180",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2006-1972",
"trust": 0.6
},
{
"db": "XF",
"id": "25574",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200603-521",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-1972"
},
{
"db": "BID",
"id": "17337"
},
{
"db": "NVD",
"id": "CVE-2006-1574"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-521"
}
]
},
"id": "VAR-200604-0404",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-1972"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-1972"
}
]
},
"last_update_date": "2023-12-18T13:49:52.796000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1574"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/17337"
},
{
"trust": 1.9,
"url": "http://www.hitachi-support.com/security_e/vuls_e/hs06-005_e/index-e.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/19483"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/24295"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/1180"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25574"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1180"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/25574"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/prod/groupmax/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-1972"
},
{
"db": "BID",
"id": "17337"
},
{
"db": "NVD",
"id": "CVE-2006-1574"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-521"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-1972"
},
{
"db": "BID",
"id": "17337"
},
{
"db": "NVD",
"id": "CVE-2006-1574"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-521"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-03-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-1972"
},
{
"date": "2006-03-31T00:00:00",
"db": "BID",
"id": "17337"
},
{
"date": "2006-04-01T00:04:00",
"db": "NVD",
"id": "CVE-2006-1574"
},
{
"date": "2006-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-521"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-03-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-1972"
},
{
"date": "2006-04-03T17:58:00",
"db": "BID",
"id": "17337"
},
{
"date": "2017-07-20T01:30:43.097000",
"db": "NVD",
"id": "CVE-2006-1574"
},
{
"date": "2006-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-521"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-521"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi Groupmax Desktop for Scheduler World Wide Web Unknown Cross-Site Scripting Attack Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-1972"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-521"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…