Search criteria
1 vulnerability found for xmt515 by watchguard
VAR-202001-0301
Vulnerability from variot - Updated: 2024-11-23 23:11A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362). WatchGuard XMT515 Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. WatchGuard XMT515 is a firewall router product of WatchGuard Company in the United States.
WatchGuard XMT515 12.1.3 and earlier versions have cross-site scripting vulnerabilities. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0301",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xmt515",
"scope": "lte",
"trust": 1.0,
"vendor": "watchguard",
"version": "12.3"
},
{
"model": "xmt515",
"scope": "lte",
"trust": 0.8,
"vendor": "watchguard",
"version": "12.1.3"
},
{
"model": "xmt515",
"scope": "lte",
"trust": 0.6,
"vendor": "watchguard",
"version": "\u003c=12.1.3"
},
{
"model": "xmt515",
"scope": "eq",
"trust": 0.6,
"vendor": "watchguard",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013999"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-215"
},
{
"db": "NVD",
"id": "CVE-2019-18652"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:watchguard:xmt515_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013999"
}
]
},
"cve": "CVE-2019-18652",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-18652",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-01202",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2019-18652",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-18652",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18652",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-18652",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-01202",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-215",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013999"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-215"
},
{
"db": "NVD",
"id": "CVE-2019-18652"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim\u0027s browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362). WatchGuard XMT515 Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. WatchGuard XMT515 is a firewall router product of WatchGuard Company in the United States. \n\nWatchGuard XMT515 12.1.3 and earlier versions have cross-site scripting vulnerabilities. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18652"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013999"
},
{
"db": "CNVD",
"id": "CNVD-2020-01202"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18652",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013999",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-01202",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202001-215",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013999"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-215"
},
{
"db": "NVD",
"id": "CVE-2019-18652"
}
]
},
"id": "VAR-202001-0301",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01202"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01202"
}
]
},
"last_update_date": "2024-11-23T23:11:35.751000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.watchguard.com/"
},
{
"title": "Patch for WatchGuard XMT515 Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/196607"
},
{
"title": "WatchGuard XMT515 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108340"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013999"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-215"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013999"
},
{
"db": "NVD",
"id": "CVE-2019-18652"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://gitlab.com/crypt0crc/cve-2019-18652"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18652"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18652"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013999"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-215"
},
{
"db": "NVD",
"id": "CVE-2019-18652"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-01202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013999"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-215"
},
{
"db": "NVD",
"id": "CVE-2019-18652"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01202"
},
{
"date": "2020-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013999"
},
{
"date": "2020-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-215"
},
{
"date": "2020-01-07T22:15:12.427000",
"db": "NVD",
"id": "CVE-2019-18652"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-01202"
},
{
"date": "2020-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013999"
},
{
"date": "2020-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-215"
},
{
"date": "2024-11-21T04:33:27.423000",
"db": "NVD",
"id": "CVE-2019-18652"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-215"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WatchGuard XMT515 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-01202"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-215"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-215"
}
],
"trust": 0.6
}
}