ID CVE-2016-1599Type cveReporter cve@mitre.orgModified 2017-03-15T01:59:00
Description
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
{"id": "CVE-2016-1599", "bulletinFamily": "NVD", "title": "CVE-2016-1599", "description": "Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.", "published": "2016-03-24T01:59:00", "modified": "2017-03-15T01:59:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1599", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/96837", "https://bugzilla.netiq.com/show_bug.cgi?id=967461", "https://www.netiq.com/support/kb/doc.php?id=7017399"], "cvelist": ["CVE-2016-1599"], "type": "cve", "lastseen": "2019-05-29T18:15:34", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "f83a371ab91ca86d893a14d5d9857e49"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "7f052742c37f8acf737b2fbb0d8e255a"}, {"key": "cpe23", "hash": "cd599aa6c4c423a5c3b4c348876d7d16"}, {"key": "cvelist", "hash": "c4923ff01b6d6ea1ff1f4bb321a4b43b"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "456320adc0a0905b9ae551a791fa2936"}, {"key": "href", "hash": "4d37ae40d969a0de8483d58137af2201"}, {"key": "modified", "hash": "fea5f4481c461e600bd2743e3aed76f4"}, {"key": "published", "hash": "feb322a2e9a72921070006e22b373e27"}, {"key": "references", "hash": "1150833f9001eeed076effb0e274a505"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "e05153aafbd23bfd14eed39c8355c260"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "9aea8fe18593f643f255818535a8ef55d51d49c5c43f48394e3cea8c42e409e6", "viewCount": 0, "enchantments": {"score": {"value": 4.4, "vector": "NONE", "modified": "2019-05-29T18:15:34"}, "dependencies": {"references": [], "modified": "2019-05-29T18:15:34"}, "vulnersScore": 4.4}, "objectVersion": "1.3", "cpe": ["cpe:/a:netiq:self_service_password_reset:3.1", "cpe:/a:netiq:self_service_password_reset:3.3.1", "cpe:/a:netiq:self_service_password_reset:3.0", "cpe:/a:netiq:self_service_password_reset:3.3", "cpe:/a:netiq:self_service_password_reset:3.2", "cpe:/a:netiq:self_service_password_reset:2.0"], "affectedSoftware": [{"name": "netiq self_service_password_reset", "operator": "eq", "version": "3.0"}, {"name": "netiq self_service_password_reset", "operator": "eq", "version": "3.1"}, {"name": "netiq self_service_password_reset", "operator": "eq", "version": "3.3.1"}, {"name": "netiq self_service_password_reset", "operator": "eq", "version": "2.0"}, {"name": "netiq self_service_password_reset", "operator": "eq", "version": "3.3"}, {"name": "netiq self_service_password_reset", "operator": "eq", "version": "3.2"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:netiq:self_service_password_reset:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:netiq:self_service_password_reset:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:netiq:self_service_password_reset:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:netiq:self_service_password_reset:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:netiq:self_service_password_reset:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:netiq:self_service_password_reset:3.3.1:*:*:*:*:*:*:*"], "cwe": ["CWE-79"]}
{}
