var-201904-0636
Vulnerability from variot

A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known. CP 1604 and CP 1616 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO. The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. A cross-site scripting vulnerability exists in the SIEMENS CP1604 and CP1616 devices. An attacker could exploit a vulnerability to make a trusted user spoofed to track a malicious link. Siemens CP1604 and CP1616 are prone to following security vulnerabilities: 1. An information disclosure vulnerability 2. A cross-site-scripting vulnerability 3. A cross-site request-forgery vulnerability Attackers can exploit these issues to obtain sensitive information, or execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. The following products and versions are vulnerable: All versions prior to Siemens CP1604 2.8 All versions prior to Siemens CP1616 2.8. The vulnerability stems from the lack of correct verification of client data in WEB applications

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0636",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cp 1604",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.8"
      },
      {
        "model": "cp 1616",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.8"
      },
      {
        "model": "cp 1604",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "2.8"
      },
      {
        "model": "cp 1616",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "2.8"
      },
      {
        "model": "cp1604",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.8"
      },
      {
        "model": "cp1616",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.8"
      },
      {
        "model": "cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16162.7.2"
      },
      {
        "model": "cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16162.1"
      },
      {
        "model": "cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16042.7.2"
      },
      {
        "model": "cp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16042.1"
      },
      {
        "model": "cp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16162.8"
      },
      {
        "model": "cp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "16042.8"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp 1604",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cp 1616",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8457df-463f-11e9-8e53-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00988"
      },
      {
        "db": "BID",
        "id": "106992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13809"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:siemens:cp_1604_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:cp_1616_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.,Siemens reported these vulnerabilities to NCCIC.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-524"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-13809",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-13809",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-00988",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "7d8457df-463f-11e9-8e53-000c29342cb1",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-123905",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-13809",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-13809",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-13809",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-00988",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-524",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7d8457df-463f-11e9-8e53-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123905",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8457df-463f-11e9-8e53-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00988"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123905"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-524"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13809"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known. CP 1604 and CP 1616 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The SIEMENS CP1604 is used to connect a PCI-104 system to PROFINET IO. The SIEMENS CP1616 is an innovative product that is installed in a PC for PROFINET communication. A cross-site scripting vulnerability exists in the SIEMENS CP1604 and CP1616 devices. An attacker could exploit a vulnerability to make a trusted user spoofed to track a malicious link. Siemens CP1604 and CP1616 are prone to following security vulnerabilities:\n1. An information disclosure vulnerability\n2. A cross-site-scripting vulnerability\n3. A cross-site request-forgery vulnerability\nAttackers can exploit these issues to obtain sensitive information, or execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. \nThe following products and versions are vulnerable:\nAll versions prior to Siemens CP1604 2.8\nAll versions prior to Siemens CP1616 2.8. The vulnerability stems from the lack of correct verification of client data in WEB applications",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13809"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00988"
      },
      {
        "db": "BID",
        "id": "106992"
      },
      {
        "db": "IVD",
        "id": "7d8457df-463f-11e9-8e53-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123905"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-13809",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-559174",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-043-06",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-524",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "106992",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00988",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015275",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0442",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "7D8457DF-463F-11E9-8E53-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-123905",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8457df-463f-11e9-8e53-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00988"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123905"
      },
      {
        "db": "BID",
        "id": "106992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-524"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13809"
      }
    ]
  },
  "id": "VAR-201904-0636",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d8457df-463f-11e9-8e53-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00988"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123905"
      }
    ],
    "trust": 1.7125
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d8457df-463f-11e9-8e53-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00988"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:25:57.521000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-559174",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
      },
      {
        "title": "Patch for SIEMENS CP1604 and CP1616 device cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/149595"
      },
      {
        "title": "Siemens CP1604  and CP1616 Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89335"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-524"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123905"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13809"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13809"
      },
      {
        "trust": 0.9,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-06"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13809"
      },
      {
        "trust": 0.8,
        "url": "https://www.us-cert.gov/ics/advisories/icsa-19-043-06"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/106992"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75478"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-00988"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123905"
      },
      {
        "db": "BID",
        "id": "106992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-524"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13809"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d8457df-463f-11e9-8e53-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-00988"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123905"
      },
      {
        "db": "BID",
        "id": "106992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-524"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13809"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-10T00:00:00",
        "db": "IVD",
        "id": "7d8457df-463f-11e9-8e53-000c29342cb1"
      },
      {
        "date": "2019-01-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-00988"
      },
      {
        "date": "2019-04-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123905"
      },
      {
        "date": "2019-02-12T00:00:00",
        "db": "BID",
        "id": "106992"
      },
      {
        "date": "2019-05-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      },
      {
        "date": "2019-02-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-524"
      },
      {
        "date": "2019-04-17T14:29:02.840000",
        "db": "NVD",
        "id": "CVE-2018-13809"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-00988"
      },
      {
        "date": "2019-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123905"
      },
      {
        "date": "2019-02-12T00:00:00",
        "db": "BID",
        "id": "106992"
      },
      {
        "date": "2019-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      },
      {
        "date": "2019-07-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-524"
      },
      {
        "date": "2024-11-21T03:48:06.697000",
        "db": "NVD",
        "id": "CVE-2018-13809"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-524"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CP 1604 and  CP 1616 Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015275"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-524"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…