VAR-200910-0132
Vulnerability from variot - Updated: 2023-12-18 12:11Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NaviCOPA Web Server is a web server installed on a Windows system that automatically configures HTTP access. If a remote attacker submits a long HTTP GET request to the NaviCOPA Web Server, it can trigger a heap overflow, causing arbitrary code execution; in addition, submitting a specially crafted HTTP request containing a dot character to the server can also reveal the source code of the PHP script. NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input. Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks. This may let the attacker steal cookie-based authentication credentials and launch other attacks. ----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?
Click here to learn more: http://secunia.com/advisories/business_solutions/
TITLE: NaviCOPA Script Source Disclosure and Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA33766
VERIFY ADVISORY: http://secunia.com/advisories/33766/
CRITICAL: Highly critical
IMPACT: Exposure of sensitive information, DoS, System access
WHERE:
From remote
SOFTWARE: NaviCOPA 3.x http://secunia.com/advisories/product/21322/
DESCRIPTION: e.wiZz! has discovered two vulnerabilities in NaviCOPA, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
1) A boundary error in the processing of HTTP requests can be exploited to cause a heap-based buffer overflow via an overly long HTTP GET request. PHP scripts via specially crafted requests containing e.g. dot characters.
The vulnerabilities are confirmed in version 3.01.
SOLUTION: Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: e.wiZz!
ORIGINAL ADVISORY: http://milw0rm.com/exploits/7966
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200910-0132",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mega file hosting script",
"scope": "eq",
"trust": 2.7,
"vendor": "yabsoft",
"version": "1.2"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "navicopa web server",
"scope": "eq",
"trust": 0.3,
"vendor": "intervations",
"version": "3.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yabsoft:mega_file_hosting_script:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3647"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moudi",
"sources": [
{
"db": "BID",
"id": "36413"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
}
],
"trust": 0.9
},
"cve": "CVE-2009-3647",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-3647",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2009-0590",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-3647",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2009-0590",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200910-169",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the moudi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NaviCOPA Web Server is a web server installed on a Windows system that automatically configures HTTP access. If a remote attacker submits a long HTTP GET request to the NaviCOPA Web Server, it can trigger a heap overflow, causing arbitrary code execution; in addition, submitting a specially crafted HTTP request containing a dot character to the server can also reveal the source code of the PHP script. NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input. \nSuccessful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks. This may let the attacker steal cookie-based authentication credentials and launch other attacks. ----------------------------------------------------------------------\n\nDid you know that a change in our assessment rating, exploit code\navailability, or if an updated patch is released by the vendor, is\nnot part of this mailing-list?\n\nClick here to learn more:\nhttp://secunia.com/advisories/business_solutions/\n\n----------------------------------------------------------------------\n\nTITLE:\nNaviCOPA Script Source Disclosure and Buffer Overflow Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA33766\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/33766/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nExposure of sensitive information, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNaviCOPA 3.x\nhttp://secunia.com/advisories/product/21322/\n\nDESCRIPTION:\ne.wiZz! has discovered two vulnerabilities in NaviCOPA, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation, cause a DoS (Denial of Service), or potentially\ncompromise a vulnerable system. \n\n1) A boundary error in the processing of HTTP requests can be\nexploited to cause a heap-based buffer overflow via an overly long\nHTTP GET request. PHP scripts via specially crafted\nrequests containing e.g. dot characters. \n\nThe vulnerabilities are confirmed in version 3.01. \n\nSOLUTION:\nRestrict access to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\ne.wiZz!\n\nORIGINAL ADVISORY:\nhttp://milw0rm.com/exploits/7966\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3647"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
},
{
"db": "PACKETSTORM",
"id": "74658"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3647",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "33766",
"trust": 1.4
},
{
"db": "BID",
"id": "36413",
"trust": 1.3
},
{
"db": "BID",
"id": "33585",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2009-0590",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "9694",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "9694",
"trust": 0.6
},
{
"db": "XF",
"id": "53278",
"trust": 0.6
},
{
"db": "OSVDB",
"id": "58386",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "7966",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74658",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
}
]
},
"id": "VAR-200910-0132",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
}
]
},
"last_update_date": "2023-12-18T12:11:29.562000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mega File Hosting Script",
"trust": 0.8,
"url": "http://yabsoft.com/mfhs-feature.php"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/36413"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53642"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3647"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3647"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/33766/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/53278"
},
{
"trust": 0.6,
"url": "http://www.osvdb.org/58386"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/9694"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/33766"
},
{
"trust": 0.3,
"url": "http://www.navicopa.com/"
},
{
"trust": 0.3,
"url": "/archive/1/500626"
},
{
"trust": 0.3,
"url": "http://www.hotscripts.com/listing/mega-file-hosting-script-v1-2/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/21322/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://milw0rm.com/exploits/7966"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"db": "PACKETSTORM",
"id": "74658"
},
{
"db": "NVD",
"id": "CVE-2009-3647"
},
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"date": "2009-02-03T00:00:00",
"db": "BID",
"id": "33585"
},
{
"date": "2009-09-16T00:00:00",
"db": "BID",
"id": "36413"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"date": "2009-02-04T15:44:25",
"db": "PACKETSTORM",
"id": "74658"
},
{
"date": "2009-10-09T14:30:00.407000",
"db": "NVD",
"id": "CVE-2009-3647"
},
{
"date": "2009-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-169"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-0590"
},
{
"date": "2009-08-25T00:52:00",
"db": "BID",
"id": "33585"
},
{
"date": "2009-09-16T20:30:00",
"db": "BID",
"id": "36413"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-006417"
},
{
"date": "2017-08-17T01:31:13.427000",
"db": "NVD",
"id": "CVE-2009-3647"
},
{
"date": "2009-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200910-169"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "33585"
},
{
"db": "BID",
"id": "36413"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "YABSoft Mega File Hosting Script of emaullinks.php Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-006417"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200910-169"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…