TrueConf Server 4.3.7 Stored cross site scripting

A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). The CWE definition for the vulnerability is CWE-80. The weakness was disclosed 01/29/2017 by LiquidWorm as EDB-ID 41184 as Exploit (Exploit-DB). It is possible to read the advisory at exploit-db.com. This vulnerability is uniquely identified as CVE-2017-20113. It is possible to initiate the attack remotely. There are no technical details available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The pricing for an exploit might be around USD $0-$5k at the moment. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK. It is declared as proof-of-concept. The exploit is shared for download at exploit-db.com. We expect the 0-day to have been worth approximately $0-$5k. Upgrading to version 5.0.2 is able to address this issue. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field11/11/2022 23:5411/12/2022 00:0903/24/2023 21:07
nameServerServerServer
version4.3.74.3.74.3.7
risk111
cvss2_vuldb_basescore3.53.53.5
cvss2_vuldb_tempscore3.03.02.7
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss3_meta_basescore3.54.14.1
cvss3_meta_tempscore3.24.04.0
cvss3_vuldb_basescore3.53.53.5
cvss3_vuldb_tempscore3.23.23.2
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
titlewordStoredStoredStored
date1485648000 (01/29/2017)1485648000 (01/29/2017)1485648000 (01/29/2017)
locationExploit-DBExploit-DBExploit-DB
typeExploitExploitExploit
urlhttps://www.exploit-db.com/exploits/41184/https://www.exploit-db.com/exploits/41184/https://www.exploit-db.com/exploits/41184/
identifierEDB-ID 41184EDB-ID 41184EDB-ID 41184
person_nicknameLiquidWormLiquidWormLiquidWorm
availability111
date1485648000 (01/29/2017)1485648000 (01/29/2017)1485648000 (01/29/2017)
publicity111
urlhttps://www.exploit-db.com/exploits/41184/https://www.exploit-db.com/exploits/41184/https://www.exploit-db.com/exploits/41184/
developer_nicknameLiquidWormLiquidWormLiquidWorm
price_0day$0-$5k$0-$5k$0-$5k
exploitdb411844118441184
seealso96628 96629 96630 96631 96632 96633 9663496628 96629 96630 96631 96632 96633 9663496628 96629 96630 96631 96632 96633 96634
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rlNDNDOF
cvss2_vuldb_rcURURC
cvss3_vuldb_ePPP
cvss3_vuldb_rlXXO
cvss3_vuldb_rcRRC
cvss2_vuldb_auSSS
cvss3_vuldb_prLLL
exploitdb_date1485648000 (01/29/2017)1485648000 (01/29/2017)1485648000 (01/29/2017)
cwe80 (cross site scripting)80 (cross site scripting)80 (cross site scripting)
vendorTrueConfTrueConfTrueConf
cveCVE-2017-20113CVE-2017-20113CVE-2017-20113
responsibleVulDBVulDBVulDB
cve_assigned1656280800 (06/27/2022)1656280800 (06/27/2022)1656280800 (06/27/2022)
cve_nvd_summaryA vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiRR
cvss3_nvd_sCC
cvss3_nvd_cLL
cvss3_nvd_iLL
cvss3_nvd_aNN
cvss2_nvd_avNN
cvss2_nvd_acMM
cvss2_nvd_auSS
cvss2_nvd_ciNN
cvss2_nvd_iiPP
cvss2_nvd_aiNN
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiRR
cvss3_cna_sUU
cvss3_cna_cNN
cvss3_cna_iLL
cvss3_cna_aNN
cve_cnaVulDBVulDB
cvss2_nvd_basescore3.53.5
cvss3_nvd_basescore5.45.4
cvss3_cna_basescore3.53.5
nameUpgrade
upgrade_version5.0.2

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!