Lucene search

[email protected]CVE-2016-4875

HistoryApr 14, 2017 - 6:59 p.m.

CVE-2016-4875

2017-04-1418:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2016-4875

cross-site scripting

xss

ivywe assist plugin

databox plugin

userbox plugin

geeklog

remote code injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

53.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

assist_projectassist_pluginRange≤1.1.0geeklog

databox_projectdatabox_pluginRange≤0..0.0.20150609geeklog

userbox_projectuserbox_pluginRange≤0.0.0.20150918geeklog

CPENameOperatorVersion
assist_project:assist_pluginassist project assist pluginle1.1.0
databox_project:databox_plugindatabox project databox pluginle0..0.0.20150609
userbox_project:userbox_pluginuserbox project userbox pluginle0.0.0.20150918

CPE	Name	Operator	Version
assist_project:assist_plugin	assist project assist plugin	le	1.1.0
databox_project:databox_plugin	databox project databox plugin	le	0..0.0.20150609
userbox_project:userbox_plugin	userbox project userbox plugin	le	0.0.0.20150918

References

jvn.jp/en/jp/JVN46087986/index.html

jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000167.html

www.securityfocus.com/bid/93123

github.com/ivywe/geeklog-ivywe/commit/3cdb4ebca5746ff1e02b7e434d5722044d1d09d1

github.com/ivywe/geeklog-ivywe/commit/fe20a1bccdfec96125ab3d8dbee6ccbd0767c0be

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

53.7%

JSON

Related for CVE-2016-4875

cvelist1 jvn1 nvd1 prion1 osv1