ID CVE-2015-7782Type cveReporter cve@mitre.orgModified 2015-12-30T18:19:00
Description
Cross-site scripting (XSS) vulnerability in Let's PHP! Frame high-speed chat before 2015-09-22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
{"id": "CVE-2015-7782", "bulletinFamily": "NVD", "title": "CVE-2015-7782", "description": "Cross-site scripting (XSS) vulnerability in Let's PHP! Frame high-speed chat before 2015-09-22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "published": "2015-12-30T05:59:00", "modified": "2015-12-30T18:19:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7782", "reporter": "cve@mitre.org", "references": ["http://jvndb.jvn.jp/jvndb/JVNDB-2015-000188", "http://jvn.jp/en/jp/JVN35845584/index.html"], "cvelist": ["CVE-2015-7782"], "type": "cve", "lastseen": "2019-05-29T18:14:45", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "1b3d2706b8b9fb4c050b06360c0ebc8c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "78d3c9c1c0f6fdfe6d95b43b5538794c"}, {"key": "cpe23", "hash": "beee92ab412bf362250c81de534de9ba"}, {"key": "cvelist", "hash": "1181c50542456765dfca2574985f745c"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "b09b1eefed8cfc1a56de7b40ef20d41a"}, {"key": "href", "hash": "a60de87e50098dd5e4e140efa4209128"}, {"key": "modified", "hash": "3a2eeb3d40d801638377fb9c76194222"}, {"key": "published", "hash": "8969cde06fcdbb334775a1e51a8cb5f5"}, {"key": "references", "hash": "1775c0ec7e04329e650f96f46cb4c5de"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "a1390801e727a89a1fed96d94d2b32ef"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "485c43108f921b559248ffc9ad3cb13b8f0e3834b9d19ae733bad9eb866cd0ee", "viewCount": 0, "enchantments": {"score": {"value": 4.0, "vector": "NONE", "modified": "2019-05-29T18:14:45", "rev": 2}, "dependencies": {"references": [{"type": "jvn", "idList": ["JVN:35845584"]}], "modified": "2019-05-29T18:14:45", "rev": 2}, "vulnersScore": 4.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:let's_php!:frame_high-speed_chat:-", "cpe:/a:let\\'s_php\\!:frame_high-speed_chat:-"], "affectedSoftware": [{"name": "let's_php! frame_high-speed_chat", "operator": "eq", "version": "-"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:let\\'s_php\\!:frame_high-speed_chat:-:*:*:*:*:*:*:*"], "cwe": ["CWE-79"]}
{"jvn": [{"lastseen": "2019-05-29T19:49:17", "bulletinFamily": "info", "description": "\n ## Description\n\nFrame high-speed chat provided by Let's PHP! contains a cross-site scripting vulnerability (CWE-79).\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser.\n\n ## Solution\n\n**Apply an Update** \nUpdate to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\n * Frame high-speed chat versions prior to 2015/09/22\n", "modified": "2015-11-30T00:00:00", "published": "2015-11-30T00:00:00", "id": "JVN:35845584", "href": "http://jvn.jp/en/jp/JVN35845584/index.html", "title": "JVN#35845584: Frame high-speed chat vulnerable to cross-site scripting", "type": "jvn", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
