{"openvas": [{"lastseen": "2019-05-29T18:34:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-14713", "CVE-2017-14715", "CVE-2017-14714", "CVE-2017-14712", "CVE-2017-14716", "CVE-2017-14717"], "description": "EPESI is prone to multiple stored cross-site scripting (XSS) vulnerabilities\nin various parameters.", "modified": "2018-04-23T00:00:00", "published": "2017-10-16T00:00:00", "id": "OPENVAS:1361412562310112083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112083", "type": "openvas", "title": "EPESI Multiple Stored XSS Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_epesi_stored_xss_vuln.nasl 9565 2018-04-23 10:00:20Z ckuersteiner $\n#\n# EPESI Multiple Stored XSS Vulnerabilities\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:telaxus:epesi\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112083\");\n script_version(\"$Revision: 9565 $\");\n script_cve_id(\"CVE-2017-14712\", \"CVE-2017-14713\", \"CVE-2017-14714\", \"CVE-2017-14715\", \"CVE-2017-14716\", \"CVE-2017-14717\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-23 12:00:20 +0200 (Mon, 23 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-16 13:53:00 +0200 (Mon, 16 Oct 2017)\");\n script_name(\"EPESI Multiple Stored XSS Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_epesi_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"epesi/installed\", \"epesi/revision\");\n\n script_xref(name:\"URL\", value:\"https://forum.epesibim.com/d/4956-security-issue-multiple-stored-xss-in-epesi-version-1-8-2-rev20170830\");\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/42950/\");\n\n script_tag(name:\"summary\", value:\"EPESI is prone to multiple stored cross-site scripting (XSS) vulnerabilities\nin various parameters.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue will allow an authenticated remote attacker\nto store persistently executable scripts inside the application.\");\n\n script_tag(name:\"affected\", value:\"EPESI version 1.8.2-rev20170830 and below\");\n\n 
script_tag(name:\"solution\", value:\"Update to version 1.8.2-20171019 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!vers = get_app_version(cpe:CPE, port:port)) exit(0);\nrev = get_kb_item(\"epesi/revision\");\nif (!rev)\n exit(0);\n\nif(version_is_less(version:vers, test_version:\"1.8.2\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.8.2-20171019\");\n security_message(port:port, data:report);\n exit(0);\n}\n\nif (version_is_equal(version: vers, test_version: \"1.8.2\")) {\n if (version_is_less(version: rev, test_version: \"20171019\")) {\n report = report_fixed_ver(installed_version: vers, installed_patch: rev, fixed_version: \"1.8.2\",\n fixed_patch: \"20171019\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2017-10-06T06:01:20", "description": "", "published": "2017-10-04T00:00:00", "type": "packetstorm", "title": "EPESI 1.8.2 Revision 20170830 Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-14713", "CVE-2017-14715", "CVE-2017-14714", "CVE-2017-14712", "CVE-2017-14716", "CVE-2017-14717"], "modified": "2017-10-04T00:00:00", "id": "PACKETSTORM:144501", "href": "https://packetstormsecurity.com/files/144501/EPESI-1.8.2-Revision-20170830-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: Multiple Stored XSS in EPESI \n# Date: 10/03/2017 \n# Exploit Author: Zeeshan Shaikh \n# Vendor Homepage: http://epe.si/ \n# Software Link: http://epe.si/download/ \n# Version: 1.8.2 rev20170830 \n# CVE : CVE-2017-14712 to CVE-2017-14717 \n# Category: webapps \n \n \nXSS 1 (Tasks - Title) \nSteps to recreate: \n1. Home->Tasks->add new \n2. 
Enter title as \"MYTITLE\" and fill required details but don't click save \n3. Start interceptor and intercept request \n4. click save \n5. Now replace MYTITLE with \"<i onclick=alert(1)>alertme</i>\"(without \nquotes) \n6. Home->click on alertme \n \nXSS 2 (Tasks - Description) \nSteps to recreate: \n1. Create a new task and fill description as \"MYDESC\" but don't click on \nsave \n2. Start intercepting request and then click save on browser \n3. Now replace MYDESC with \"<script>alert(1)</script>\" \n4. Go to Home(make sure task applet is there) -> Mouseover on i icon \n \nXSS 3 (Tasks/Phonecall - Notes - Title) \nSteps to recreate: \n1. Home->Tasks/PhoneCall->Notes->add new \n2. Steps same as XSS 1 \n3. Click on alertme in notes section \n \nXSS 4 (Tasks - Alerts - Title) \nSteps to recreate: \n1. Home->Tasks->Notes->add new \n2. Steps same as XSS 1 \n3. Click on alertme in alerts section \n \nXSS 5 (Phonecalls - Subject) \nSteps to recreate: \n1. Create a new phonecall and fill subject as \"MYSUB\" but don't click on \nsave \n2. Start intercepting request and then click save on browser \n3. Now replace MYSUB with \"<script>alert(1)</script>\" \n4. Go to Home(make sure task applet is there) -> Mouseover on i icon \n \nXSS 6 (Phonecalls - Description) \nSame as XSS 5 \n \n`\n", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/144501/epesi182-xss.txt"}]}