Vulnerability-Lookup

CNVD-2015-01485

Vulnerability from cnvd - Published: 2015-03-09

Title

Webshop hun跨站脚本漏洞

Description

Webshop hun是一款基于WEB的应用。 Webshop hun存在跨站脚本漏洞，远程攻击者可以利用漏洞构建恶意URI，诱使用户解析，可获得敏感Cookie，劫持会话或在客户端上进行恶意操作。

Severity

中

Formal description

目前没有详细解决方案提供： http://www.webshophun.hu/index

Reference

http://seclists.org/fulldisclosure/2015/Mar/25

Impacted products

Name
Webshop hun Webshop hun 1.062S

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2244"
    }
  },
  "description": "Webshop hun\u662f\u4e00\u6b3e\u57fa\u4e8eWEB\u7684\u5e94\u7528\u3002\r\n\r\nWebshop hun\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u83b7\u5f97\u654f\u611fCookie\uff0c\u52ab\u6301\u4f1a\u8bdd\u6216\u5728\u5ba2\u6237\u7aef\u4e0a\u8fdb\u884c\u6076\u610f\u64cd\u4f5c\u3002",
  "discovererName": "Jing Wang",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.webshophun.hu/index",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01485",
  "openTime": "2015-03-09",
  "products": {
    "product": "Webshop hun Webshop hun 1.062S"
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2015/Mar/25",
  "serverity": "\u4e2d",
  "submitTime": "2015-03-05",
  "title": "Webshop hun\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2015-2244 (GCVE-0-2015-2244)

Vulnerability from cvelistv5 – Published: 2015-03-09 17:00 – Updated: 2024-09-16 20:53

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://tetraph.com/security/xss-vulnerability/web…	x_refsource_MISC
	http://packetstormsecurity.com/files/130648/Websh…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2015/Mar/25	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:10:15.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://tetraph.com/security/xss-vulnerability/webshop-hun-v1-062s-xss-cross-site-scripting-security-vulnerabilities/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/130648/Webshop-Hun-1.062S-Cross-Site-Scripting.html"
          },
          {
            "name": "20150305 Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Mar/25"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-03-09T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://tetraph.com/security/xss-vulnerability/webshop-hun-v1-062s-xss-cross-site-scripting-security-vulnerabilities/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/130648/Webshop-Hun-1.062S-Cross-Site-Scripting.html"
        },
        {
          "name": "20150305 Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Mar/25"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tetraph.com/security/xss-vulnerability/webshop-hun-v1-062s-xss-cross-site-scripting-security-vulnerabilities/",
              "refsource": "MISC",
              "url": "http://tetraph.com/security/xss-vulnerability/webshop-hun-v1-062s-xss-cross-site-scripting-security-vulnerabilities/"
            },
            {
              "name": "http://packetstormsecurity.com/files/130648/Webshop-Hun-1.062S-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/130648/Webshop-Hun-1.062S-Cross-Site-Scripting.html"
            },
            {
              "name": "20150305 Webshop hun v1.062S XSS (Cross-site Scripting) Security Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Mar/25"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2244",
    "datePublished": "2015-03-09T17:00:00Z",
    "dateReserved": "2015-03-09T00:00:00Z",
    "dateUpdated": "2024-09-16T20:53:15.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-01485

CVE-2015-2244 (GCVE-0-2015-2244)

Tags

Sightings

Nomenclature