Lucene search

[email protected]CVE-2013-7417

HistoryJan 02, 2015 - 7:59 p.m.

CVE-2013-7417

2015-01-0219:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-7417

ipcop

xss

vulnerability

web security

cgi

csrf

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer.

Affected configurations

NVD

Node

ipcopipcopRange≤2.1.2

CPENameOperatorVersion
ipcop:ipcopipcople2.1.2

CPE	Name	Operator	Version
ipcop:ipcop	ipcop	le	2.1.2

References

packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

sourceforge.net/p/ipcop/bugs/807/

www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/

exchange.xforce.ibmcloud.com/vulnerabilities/99396

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for CVE-2013-7417

cvelist1 prion1 nvd1