CVE-2015-7706 in SDS-APIinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API before 3.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to api/v3/public/shares/downloads/, the (2) authType parameter to api/v3/auth/login, or the (3) login parameter to api/v3/auth/reset_password.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

10/05/2015

Disclosure

01/11/2016

Moderation

VulDB entry created

Entries

1: VDB-80176

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

5.2

EPSS

0.00255

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-7706
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-7706
CVE Details	https://www.cvedetails.com/cve/CVE-2015-7706/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!