Lucene search

[email protected]CVE-2015-7786

HistoryDec 29, 2015 - 5:59 p.m.

CVE-2015-7786

2015-12-2917:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-7786

cross-site scripting

xss

ntt data

smart sourcing

javascript

web analytics service

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

59.1%

JSON

Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

nttdataweb_analytics_service

CPENameOperatorVersion
nttdata:web_analytics_servicenttdata web analytics serviceeq*

CPE	Name	Operator	Version
nttdata:web_analytics_service	nttdata web analytics service	eq	*

References

jvn.jp/en/jp/JVN70083512/995570/index.html

jvn.jp/en/jp/JVN70083512/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000196

www.nttdata-smart.co.jp/information/2015/000040.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

59.1%

JSON

Related for CVE-2015-7786

nvd1 cvelist1 jvn1 prion1