Lucene search
Japan Vulnerability NotesJVN:58020495HistoryJul 24, 2015 - 12:00 a.m.
JVN#58020495: Research Artisan Lite vulnerable to cross-site scripting
2015-07-2400:00:00
Japan Vulnerability Notes
jvn.jp
12
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
56.7%
Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite contains multiple cross-site scripting vulnerabilities (CWE-79).
Impact
There are two attack scenarios.
- If a user views a malicious web page, an arbitrary script may be executed on the user’s web browser.
- An attacker accesses a specially crafted URL which may include javascript code. The server then stores the access logs for analysis. When an administrator views the analysis results, a script is executed on the administrator’s web browser.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Products Affected
- Research Artisan Lite prior to ver.1.18
Related
cve
cve
CVE-2015-2976
2015-07-25 10:59:00
cvelist
cvelist
CVE-2015-2976
2015-07-25 10:00:00
prion
prion
Cross site scripting
2015-07-25 10:59:00
nvd
nvd
CVE-2015-2976
2015-07-25 10:59:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
56.7%
Related for JVN:58020495