ID DEBIAN:DLA-453-1:A2B8D
Type debian
Reporter Debian
Modified 2016-05-03T20:30:24
Description
Package : extplorer
Version : 2.1.0b6+dfsg.3-4+deb7u2
CVE ID : CVE-2015-0896
Debian Bug : 783231
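Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before
2.1.7 allow remote attackers to inject arbitrary web script or HTML via
unspecified vectors.
Note: the Version field above is the fixed package for Debian 7; installed extplorer packages older than 2.1.0b6+dfsg.3-4+deb7u2 are affected. The Debian version string is lower than upstream 2.1.7, so check hosts against the Debian package version (dpkg version ordering), not the upstream release number.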
{"id": "DEBIAN:DLA-453-1:A2B8D", "bulletinFamily": "unix", "title": "[SECURITY] [DLA 453-1] extplorer security update", "description": "Package : extplorer\nVersion : 2.1.0b6+dfsg.3-4+deb7u2\nCVE ID : CVE-2015-0896\nDebian Bug : 783231\n\nMultiple cross-site scripting (XSS) vulnerabilities in eXtplorer before \n2.1.7 allow remote attackers to inject arbitrary web script or HTML via \nunspecified vectors.\n\n\n", "published": "2016-05-03T20:30:24", "modified": "2016-05-03T20:30:24", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00004.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2015-0896"], "type": "debian", "lastseen": "2020-08-12T00:51:43", "edition": 10, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-0896"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-296.NASL", "DEBIAN_DLA-453.NASL"]}, {"type": "jvn", "idList": ["JVN:97099798"]}, {"type": "debian", "idList": ["DEBIAN:DLA-296-1:4957B"]}], "modified": "2020-08-12T00:51:43", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2020-08-12T00:51:43", "rev": 2}, "vulnersScore": 5.2}, "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "arch": "all", "operator": "lt", "packageFilename": "extplorer_2.1.0b6+dfsg.3-4+deb7u2_all.deb", "packageName": "extplorer", "packageVersion": "2.1.0b6+dfsg.3-4+deb7u2"}], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T06:21:21", "description": "Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "edition": 6, "cvss3": {}, "published": "2015-03-18T23:59:00", "title": "CVE-2015-0896", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0896"], "modified": "2015-03-19T13:41:00", "cpe": ["cpe:/a:extplorer:extplorer:2.1.6"], "id": "CVE-2015-0896", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0896", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:extplorer:extplorer:2.1.6:*:*:*:*:*:*:*"]}], "jvn": [{"lastseen": "2019-05-29T19:49:20", "bulletinFamily": "info", "cvelist": ["CVE-2015-0896"], "description": "\n ## Description\n\neXtplorer is a web-based file manager. 
eXtplorer contains multiple cross-site scripting vulnerabilities.\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser.\n\n ## Solution\n\n**Update the software** \nUpdate to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\n * eXtplorer versions prior to 2.1.7\n", "edition": 4, "modified": "2015-03-17T00:00:00", "published": "2015-03-17T00:00:00", "id": "JVN:97099798", "href": "http://jvn.jp/en/jp/JVN97099798/index.html", "title": "JVN#97099798: eXtplorer vulnerable to cross-site scripting", "type": "jvn", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-12T09:43:46", "description": "Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer\nbefore 2.1.7 allow remote attackers to inject arbitrary web script or\nHTML via unspecified vectors.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 14, "published": "2016-05-04T00:00:00", "title": "Debian DLA-453-1 : extplorer security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0896"], "modified": "2016-05-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:extplorer", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-453.NASL", "href": "https://www.tenable.com/plugins/nessus/90871", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-453-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90871);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0896\");\n script_bugtraq_id(73210);\n\n script_name(english:\"Debian DLA-453-1 : extplorer security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer\nbefore 2.1.7 allow remote attackers to inject arbitrary web script or\nHTML via unspecified vectors.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/05/msg00004.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/extplorer\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected extplorer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:extplorer\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"extplorer\", reference:\"2.1.0b6+dfsg.3-4+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:43:37", "description": "Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer\nbefore 2.1.7 allow remote attackers to inject arbitrary web script or\nHTML via unspecified vectors.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 14, "published": "2015-08-24T00:00:00", "title": "Debian DLA-296-1 : extplorer security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0896"], "modified": "2015-08-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:extplorer"], "id": "DEBIAN_DLA-296.NASL", "href": "https://www.tenable.com/plugins/nessus/85584", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-296-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85584);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0896\");\n script_bugtraq_id(73210);\n\n script_name(english:\"Debian DLA-296-1 : extplorer security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer\nbefore 2.1.7 allow remote attackers to inject arbitrary web script or\nHTML via unspecified vectors.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/08/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/extplorer\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected extplorer package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:extplorer\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"extplorer\", reference:\"2.1.0b6+dfsg.2-1+squeeze3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-08-12T01:00:43", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0896"], "description": "Package : extplorer\nVersion : 2.1.0b6+dfsg.2-1+squeeze3\nCVE ID : CVE-2015-0896\n\nMultiple cross-site scripting (XSS) vulnerabilities in eXtplorer before \n2.1.7 allow remote attackers to inject arbitrary web script or HTML via \nunspecified vectors.\n\n", "edition": 6, "modified": "2015-08-21T19:15:33", "published": "2015-08-21T19:15:33", "id": "DEBIAN:DLA-296-1:4957B", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201508/msg00010.html", "title": "[SECURITY] [DLA 296-1] extplorer security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}