Lucene search

[email protected]CVE-2017-6488

HistoryMar 05, 2017 - 8:59 p.m.

CVE-2017-6488

2017-03-0520:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2017-6488

cross-site scripting

xss

epesi

security vulnerability

web security

code injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

48.3%

JSON

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Affected configurations

NVD

Node

epesiepesiMatch1.8.1.1

CPENameOperatorVersion
epesi:epesiepesieq1.8.1.1

CPE	Name	Operator	Version
epesi:epesi	epesi	eq	1.8.1.1

References

www.securityfocus.com/bid/96955

github.com/Telaxus/EPESI/issues/166

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

48.3%

JSON

Related for CVE-2017-6488

osv1 prion1 cvelist1 nvd1 openvas1