VAR-201506-0191
Vulnerability from variot - Updated: 2025-04-13 23:41Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu. Alcatel-Lucent CellPipe 7130 Router is a router product from Alcatel-Lucent, France. A cross-site scripting vulnerability exists in the Alcatel-Lucent CellPipe 7130 router. An attacker could leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks. Alcatel-Lucent CellPipe 7130 Router running firmware 1.0.0.20h.HOL is vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0191",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cellpipe 7130 router",
"scope": "eq",
"trust": 1.6,
"vendor": "alcatel lucent",
"version": "1.0.0.20h.hol"
},
{
"model": "cellpipe 7130 rg",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "cellpipe 7130 rg",
"scope": "eq",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "1.0.0.20h.hol"
},
{
"model": "cellpipe router with 1.0.0.20h.hol",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel lucent",
"version": "7130"
},
{
"model": "cellpipe 1.0.0.20h.hol",
"scope": "eq",
"trust": 0.3,
"vendor": "alcatel lucent",
"version": "7130"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03916"
},
{
"db": "BID",
"id": "75305"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003212"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-331"
},
{
"db": "NVD",
"id": "CVE-2015-4587"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:alcatel-lucent:cellpipe_7130_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:alcatel-lucent:cellpipe_7130_router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003212"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dionisia Lerataki",
"sources": [
{
"db": "BID",
"id": "75305"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4587",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-4587",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-03916",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-82548",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4587",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-4587",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-03916",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-331",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-82548",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03916"
},
{
"db": "VULHUB",
"id": "VHN-82548"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003212"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-331"
},
{
"db": "NVD",
"id": "CVE-2015-4587"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the \"Custom application\" field in the \"port triggering\" menu. Alcatel-Lucent CellPipe 7130 Router is a router product from Alcatel-Lucent, France. A cross-site scripting vulnerability exists in the Alcatel-Lucent CellPipe 7130 router. \nAn attacker could leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nAlcatel-Lucent CellPipe 7130 Router running firmware 1.0.0.20h.HOL is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4587"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003212"
},
{
"db": "CNVD",
"id": "CNVD-2015-03916"
},
{
"db": "BID",
"id": "75305"
},
{
"db": "VULHUB",
"id": "VHN-82548"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-82548",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82548"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4587",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "132327",
"trust": 3.1
},
{
"db": "BID",
"id": "75305",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003212",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-331",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-03916",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-82548",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03916"
},
{
"db": "VULHUB",
"id": "VHN-82548"
},
{
"db": "BID",
"id": "75305"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003212"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-331"
},
{
"db": "NVD",
"id": "CVE-2015-4587"
}
]
},
"id": "VAR-201506-0191",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03916"
},
{
"db": "VULHUB",
"id": "VHN-82548"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03916"
}
]
},
"last_update_date": "2025-04-13T23:41:20.931000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.alcatel-lucent.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003212"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82548"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003212"
},
{
"db": "NVD",
"id": "CVE-2015-4587"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/132327/cellpipe-7130-cross-site-scripting.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/75305"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4587"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4587"
},
{
"trust": 0.3,
"url": "http://setuprouter.com/router/alcatel-lucent/cellpipe-7130/login.htm"
},
{
"trust": 0.3,
"url": "http://www.alcatel-lucent.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03916"
},
{
"db": "VULHUB",
"id": "VHN-82548"
},
{
"db": "BID",
"id": "75305"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003212"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-331"
},
{
"db": "NVD",
"id": "CVE-2015-4587"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-03916"
},
{
"db": "VULHUB",
"id": "VHN-82548"
},
{
"db": "BID",
"id": "75305"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003212"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-331"
},
{
"db": "NVD",
"id": "CVE-2015-4587"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03916"
},
{
"date": "2015-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-82548"
},
{
"date": "2015-06-18T00:00:00",
"db": "BID",
"id": "75305"
},
{
"date": "2015-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003212"
},
{
"date": "2015-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-331"
},
{
"date": "2015-06-18T18:59:05.130000",
"db": "NVD",
"id": "CVE-2015-4587"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03916"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-82548"
},
{
"date": "2015-06-18T00:00:00",
"db": "BID",
"id": "75305"
},
{
"date": "2015-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003212"
},
{
"date": "2015-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-331"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-4587"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-331"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alcatel-Lucent CellPipe 7130 Router Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03916"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-331"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-331"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…