Vulnerability-Lookup

CVE-2015-0526 (GCVE-0-2015-0526)

Vulnerability from cvelistv5 – Published: 2015-06-22 15:00 – Updated: 2024-08-06 04:10

Summary

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.

Severity ?

No CVSS data available.

CWE

Assigner

dell

References

URL

Tags

	http://www.securitytracker.com/id/1032590	vdb-entryx_refsource_SECTRACK
	http://seclists.org/bugtraq/2015/Jun/88	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:10:11.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032590",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032590"
          },
          {
            "name": "20150616 ESA-2015-043: RSA Validation Manager Security Update for Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Jun/88"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-22T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1032590",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032590"
        },
        {
          "name": "20150616 ESA-2015-043: RSA Validation Manager Security Update for Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Jun/88"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-0526",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032590",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032590"
            },
            {
              "name": "20150616 ESA-2015-043: RSA Validation Manager Security Update for Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Jun/88"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-0526",
    "datePublished": "2015-06-22T15:00:00",
    "dateReserved": "2014-12-17T00:00:00",
    "dateUpdated": "2024-08-06T04:10:11.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-0526\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2015-06-22T15:59:00.070\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de XSS en EMC RSA Validation Manager (RVM) 3.2 anterior a build 201 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s del par\u00e1metro (1) displayMode o (2) wrapPreDisplayMode.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:rsa_validation_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.2\",\"matchCriteriaId\":\"79E8D176-C093-419A-BBC0-384B0849BDFF\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/bugtraq/2015/Jun/88\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securitytracker.com/id/1032590\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://seclists.org/bugtraq/2015/Jun/88\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032590\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2015-0526

Vulnerability from fkie_nvd - Published: 2015-06-22 15:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

	URL	Tags
	security_alert@emc.com	http://seclists.org/bugtraq/2015/Jun/88
	security_alert@emc.com	http://www.securitytracker.com/id/1032590
	af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/bugtraq/2015/Jun/88
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032590

Impacted products

	Vendor	Product	Version
	emc	rsa_validation_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:rsa_validation_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E8D176-C093-419A-BBC0-384B0849BDFF",
              "versionEndIncluding": "3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en EMC RSA Validation Manager (RVM) 3.2 anterior a build 201 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s del par\u00e1metro (1) displayMode o (2) wrapPreDisplayMode."
    }
  ],
  "id": "CVE-2015-0526",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-06-22T15:59:00.070",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://seclists.org/bugtraq/2015/Jun/88"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1032590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/bugtraq/2015/Jun/88"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032590"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-X8HH-C774-R7CV

Vulnerability from github – Published: 2022-05-17 00:48 – Updated: 2022-05-17 00:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0526"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-06-22T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.",
  "id": "GHSA-x8hh-c774-r7cv",
  "modified": "2022-05-17T00:48:09Z",
  "published": "2022-05-17T00:48:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0526"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2015/Jun/88"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032590"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-03893

Vulnerability from cnvd - Published: 2015-06-23

Title

RSA Validation Manager 'displayMode'和'wrapPreDisplayMode'跨站脚本漏洞

Description

RSA Validation Manager是一款RSA的校验程序。 RSA Validation Manager用户接口未能正确处理'displayMode'和'wrapPreDisplayMode'参数，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。

Severity

中

Patch Name

RSA Validation Manager 'displayMode'和'wrapPreDisplayMode'跨站脚本漏洞的补丁

Patch Description

RSA Validation Manager是一款RSA的校验程序。RSA Validation Manager用户接口未能正确处理'displayMode'和'wrapPreDisplayMode'参数，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www.rsa.com/

Reference

http://www.securitytracker.com/id/1032590

Impacted products

Name
EMC RSA Validation Manager 3.2(<build 201)

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75225"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0526"
    }
  },
  "description": "RSA Validation Manager\u662f\u4e00\u6b3eRSA\u7684\u6821\u9a8c\u7a0b\u5e8f\u3002\r\n\r\nRSA Validation Manager\u7528\u6237\u63a5\u53e3\u672a\u80fd\u6b63\u786e\u5904\u7406\u0027displayMode\u0027\u548c\u0027wrapPreDisplayMode\u0027\u53c2\u6570\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002",
  "discovererName": "Ken Cijsouw",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.rsa.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03893",
  "openTime": "2015-06-23",
  "patchDescription": "RSA Validation Manager\u662f\u4e00\u6b3eRSA\u7684\u6821\u9a8c\u7a0b\u5e8f\u3002RSA Validation Manager\u7528\u6237\u63a5\u53e3\u672a\u80fd\u6b63\u786e\u5904\u7406\u0027displayMode\u0027\u548c\u0027wrapPreDisplayMode\u0027\u53c2\u6570\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "RSA Validation Manager \u0027displayMode\u0027\u548c\u0027wrapPreDisplayMode\u0027\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "EMC RSA Validation Manager 3.2(\u003cbuild 201)"
  },
  "referenceLink": "http://www.securitytracker.com/id/1032590",
  "serverity": "\u4e2d",
  "submitTime": "2015-06-17",
  "title": "RSA Validation Manager \u0027displayMode\u0027\u548c\u0027wrapPreDisplayMode\u0027\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

GSD-2015-0526

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-0526

Aliases

CVE-2015-0526

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0526",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.",
    "id": "GSD-2015-0526"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0526"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.",
      "id": "GSD-2015-0526",
      "modified": "2023-12-13T01:19:58.860272Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2015-0526",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1032590",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032590"
          },
          {
            "name": "20150616 ESA-2015-043: RSA Validation Manager Security Update for Multiple Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://seclists.org/bugtraq/2015/Jun/88"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:rsa_validation_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2015-0526"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150616 ESA-2015-043: RSA Validation Manager Security Update for Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://seclists.org/bugtraq/2015/Jun/88"
            },
            {
              "name": "1032590",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032590"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-09-23T01:29Z",
      "publishedDate": "2015-06-22T15:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-0526 (GCVE-0-2015-0526)

FKIE_CVE-2015-0526

GHSA-X8HH-C774-R7CV

CNVD-2015-03893

GSD-2015-0526

Tags

Sightings

Nomenclature