VAR-201604-0097

Vulnerability from variot - Updated: 2025-04-13 23:18

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Cyberoam NG series of Unified Threat Management appliances are the Next-Generation network security appliances that include UTM security features along with performance required for future networks. The NG series for SMEs are the 'fastest UTMs' made for this segment. The best-in-class hardware, along with software to match, enables the NG series to offer unmatched throughput speeds compared to any other UTM appliance in this market segment. This assures support for future IT trends in organizations, like high-speed Internet and a rising number of devices, offering future-ready security to SMEs.

Multiple reflected XSS issues were discovered in Cyberoam NG appliances. Input passed via the 'ipFamily', 'applicationname' and 'username' GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitised before being returned to the user. Adding an arbitrary 'X-Forwarded-For' HTTP header to a request also makes the appliance prone to an XSS issue.

Sophos Cyberoam CR100iNG UTM and CR35iNG UTM are new-generation firewalls running the CyberoamOS operating system from the British company Sophos, which provide online application detection and control, web filtering, HTTPS inspection, intrusion prevention and other functions. The vulnerability stems from the fact that the corporate/webpages/trafficdiscovery/LiveConnections.jsp script does not fully filter the 'ipFamily' parameter; the corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp script does not fully filter the 'ipFamily', 'applicationname', and 'username' parameters; and the program does not adequately filter the X-Forwarded-For HTTP header. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0097",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cyberoam cr100ing utm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sophos",
        "version": "10.6.3_mr-1_build_503"
      },
      {
        "model": "cyberoam cr35ing utm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sophos",
        "version": "10.6.2_build_378"
      },
      {
        "model": "cyberoam cr35ing utm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sophos",
        "version": "10.6.2_mr-1_build_383"
      },
      {
        "model": "cyberoam cr100ing utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sophos",
        "version": "10.6.3 mr-1 build 503"
      },
      {
        "model": "cyberoam cr35ing utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sophos",
        "version": "10.6.2 build 378"
      },
      {
        "model": "cyberoam cr35ing utm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sophos",
        "version": "10.6.2 mr-1 build 383"
      },
      {
        "model": "cyberoam cr35ing utm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sophos",
        "version": null
      },
      {
        "model": "cyberoam cr100ing utm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sophos",
        "version": null
      },
      {
        "model": "cyberoam ng series multiple cross-site scripting vulnerabilities",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "sophos pvt",
        "version": "fw: 10.6.3 mr-1 (build 503)"
      },
      {
        "model": "cyberoam ng series multiple cross-site scripting vulnerabilities",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "sophos pvt",
        "version": "fw: 10.6.2 mr-1 (build 383)"
      },
      {
        "model": "cyberoam ng series multiple cross-site scripting vulnerabilities",
        "scope": "eq",
        "trust": 0.1,
        "vendor": "sophos pvt",
        "version": "fw: 10.6.2 (build 378)"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2016-5313"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-036"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3968"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:sophos:cyberoam_cr100ing_utm_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:sophos:cyberoam_cr35ing_utm_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Gjoko Krstic",
    "sources": [
      {
        "db": "BID",
        "id": "85892"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-3968",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-3968",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-92787",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-3968",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-3968",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-3968",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-036",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2016-5313",
            "trust": 0.1,
            "value": "(2/5)"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92787",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2016-5313"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-036"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3968"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header. (1) corporate/webpages/trafficdiscovery/LiveConnections.jsp of ipFamily Parameters (2) corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp of ipFamily Parameters (3) corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp of applicationname Parameters (4) corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp of username Parameters (5) X-Forwarded-For HTTP header. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Cyberoam NG series of Unified Threat Management appliances arethe Next-Generation network security appliances that include UTM securityfeatures along with performance required for future networks. The NG seriesfor SMEs are the \u0027fastest UTMs\u0027 made for this segment. 
The best-in-classhardware along with software to match, enables the NG series to offer unmatchedthroughput speeds, compared to any other UTM appliance in this market segment.This assures support for future IT trends in organizations like high-speedInternet and rising number of devices in organizations \u2013 offering future-readysecurity to SMEs.Multiple reflected XSS issues were discovered in Cyberoam NG appliances.Input passed via the \u0027ipFamily\u0027, \u0027applicationname\u0027 and \u0027username\u0027 GET parametersto LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitisedbefore being returned to the user. Adding arbitrary \u0027X-Forwarded-For\u0027 HTTP headerto a request makes the appliance also prone to a XSS issue. Sophos Cyberoam CR100iNG UTM, CR35iNG UTM and CR35iNG UTM are all new-generation firewalls running CyberoamOS operating system from British Sophos Company, which provide online application detection and control, web filtering, HTTPS inspection, intrusion prevention and other functions. The vulnerability stems from the fact that the corporate/webpages/trafficdiscovery/LiveConnections.jsp script does not fully filter the \u0027ipFamily\u0027 parameter; the corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp script does not fully filter the \u0027ipFamily\u0027 , \u0027applicationname\u0027, and \u0027username\u0027 parameters; the program did not adequately filter the X-Forwarded-For HTTP header. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3968"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      },
      {
        "db": "BID",
        "id": "85892"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2016-5313"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92787"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.zeroscience.mk/codes/cyberoam_xss.txt",
        "trust": 0.1,
        "type": "poc"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2016-5313"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3968",
        "trust": 2.9
      },
      {
        "db": "ZSL",
        "id": "ZSL-2016-5313",
        "trust": 2.6
      },
      {
        "db": "PACKETSTORM",
        "id": "136561",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001941",
        "trust": 0.9
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-036",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "85892",
        "trust": 0.4
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2016040025",
        "trust": 0.1
      },
      {
        "db": "VULDB",
        "id": "81644",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-92787",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2016-5313"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92787"
      },
      {
        "db": "BID",
        "id": "85892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-036"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3968"
      }
    ]
  },
  "id": "VAR-201604-0097",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92787"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:18:00.671000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CR100iNG UTM",
        "trust": 0.8,
        "url": "http://www.cyberoam.com/downloads/datasheet/CyberoamCR100iNG.pdf"
      },
      {
        "title": "CR35iNG UTM",
        "trust": 0.8,
        "url": "http://www.cyberoam.com/downloads/datasheet/CyberoamCR35iNG.pdf"
      },
      {
        "title": "Multiple Sophos Cyberoam Fixes for product cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60771"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-036"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92787"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3968"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2016-5313.php"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/136561/sophos-cyberoam-ng-series-cross-site-scripting.html"
      },
      {
        "trust": 0.9,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3968"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3968"
      },
      {
        "trust": 0.3,
        "url": "http://www.sophos.com/"
      },
      {
        "trust": 0.1,
        "url": "https://docs.cyberoam.com/default.asp?id=447\u0026amp;lang=1\u0026amp;sid="
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2016040025"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/136561"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/111980"
      },
      {
        "trust": 0.1,
        "url": "http://vuldb.com/?id.81644"
      },
      {
        "trust": 0.1,
        "url": "http://jvndb.jvn.jp/ja/contents/2016/jvndb-2016-001941.html"
      },
      {
        "trust": 0.1,
        "url": "http://tech.cert-hungary.hu/vulnerabilities/ch-13158"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2016-5313"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92787"
      },
      {
        "db": "BID",
        "id": "85892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-036"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3968"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZSL",
        "id": "ZSL-2016-5313"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92787"
      },
      {
        "db": "BID",
        "id": "85892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-036"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3968"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-04T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2016-5313"
      },
      {
        "date": "2016-04-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92787"
      },
      {
        "date": "2016-04-04T00:00:00",
        "db": "BID",
        "id": "85892"
      },
      {
        "date": "2016-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      },
      {
        "date": "2016-04-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-036"
      },
      {
        "date": "2016-04-06T18:59:00.120000",
        "db": "NVD",
        "id": "CVE-2016-3968"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-11T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2016-5313"
      },
      {
        "date": "2016-04-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92787"
      },
      {
        "date": "2016-04-04T00:00:00",
        "db": "BID",
        "id": "85892"
      },
      {
        "date": "2016-04-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      },
      {
        "date": "2016-04-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-036"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-3968"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-036"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sophos Cyberoam CR100iNG UTM and  CR35iNG UTM Appliance firmware cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001941"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-036"
      }
    ],
    "trust": 0.6
  }
}

