TrueConf Server 4.3.7 /admin/conferences/list/ sort Reflected cross site scripting

Una vulnerabilidad clasificada como problemática fue encontrada en TrueConf Server 4.3.7. Una función desconocida del archivo /admin/conferences/list/ es afectada por esta vulnerabilidad. Por la manipulación del parámetro sort de un input desconocido se causa una vulnerabilidad de clase cross site scripting. El advisory puede ser descargado de exploit-db.com. La vulnerabilidad es identificada como CVE-2017-20115. El ataque se puede hacer desde la red. Los detalles técnicos son conocidos. Fue declarado como proof-of-concept. El exploit puede ser descargado de exploit-db.com. Una actualización a la versión 5.0.2 elimina esta vulnerabilidad. El mejor modo sugerido para mitigar el problema es actualizar a la última versión. Una solución posible ha sido publicada incluso antes y no después de la publicación de la vulnerabilidad.

Campo2022-11-12 00:472022-11-12 00:562023-03-24 21:09
nameServerServerServer
version4.3.74.3.74.3.7
file/admin/conferences/list//admin/conferences/list//admin/conferences/list/
argumentsortsortsort
risk111
cvss2_vuldb_basescore3.53.53.5
cvss2_vuldb_tempscore3.03.02.7
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss3_meta_basescore3.54.14.1
cvss3_meta_tempscore3.24.04.0
cvss3_vuldb_basescore3.53.53.5
cvss3_vuldb_tempscore3.23.23.2
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
titlewordReflectedReflectedReflected
date1485648000 (2017-01-29)1485648000 (2017-01-29)1485648000 (2017-01-29)
locationExploit-DBExploit-DBExploit-DB
typeExploitExploitExploit
urlhttps://www.exploit-db.com/exploits/41184/https://www.exploit-db.com/exploits/41184/https://www.exploit-db.com/exploits/41184/
identifierEDB-ID 41184EDB-ID 41184EDB-ID 41184
person_nicknameLiquidWormLiquidWormLiquidWorm
availability111
date1485648000 (2017-01-29)1485648000 (2017-01-29)1485648000 (2017-01-29)
publicity111
urlhttps://www.exploit-db.com/exploits/41184/https://www.exploit-db.com/exploits/41184/https://www.exploit-db.com/exploits/41184/
developer_nicknameLiquidWormLiquidWormLiquidWorm
price_0day$0-$5k$0-$5k$0-$5k
exploitdb411844118441184
seealso96627 96628 96630 96631 96632 96633 9663496627 96628 96630 96631 96632 96633 9663496627 96628 96630 96631 96632 96633 96634
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rlNDNDOF
cvss2_vuldb_rcURURC
cvss3_vuldb_ePPP
cvss3_vuldb_rlXXO
cvss3_vuldb_rcRRC
cvss2_vuldb_auSSS
cvss3_vuldb_prLLL
exploitdb_date1485648000 (2017-01-29)1485648000 (2017-01-29)1485648000 (2017-01-29)
cwe80 (cross site scripting)80 (cross site scripting)80 (cross site scripting)
vendorTrueConfTrueConfTrueConf
cveCVE-2017-20115CVE-2017-20115CVE-2017-20115
responsibleVulDBVulDBVulDB
cve_assigned1656280800 (2022-06-27)1656280800 (2022-06-27)1656280800 (2022-06-27)
cve_nvd_summaryA vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiRR
cvss3_nvd_sCC
cvss3_nvd_cLL
cvss3_nvd_iLL
cvss3_nvd_aNN
cvss2_nvd_avNN
cvss2_nvd_acMM
cvss2_nvd_auSS
cvss2_nvd_ciNN
cvss2_nvd_iiPP
cvss2_nvd_aiNN
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiRR
cvss3_cna_sUU
cvss3_cna_cNN
cvss3_cna_iLL
cvss3_cna_aNN
cve_cnaVulDBVulDB
cvss2_nvd_basescore3.53.5
cvss3_nvd_basescore5.45.4
cvss3_cna_basescore3.53.5
nameUpgrade
upgrade_version5.0.2

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!