VDB-98911 · CVE-2017-20047 · GCVE-100-98911

AXIS P1204/P3225/P3367/M3045/M3005/M3007 Cross Site Scripting

Gaskiya vulnerability da aka ware a matsayin karshewa an samu a AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Hakika, aikin $software_function ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil $software_file, a cikin sashen . A sa manipulation ka Cross Site Scripting. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-79. Hakika, rauni an bayyana shi 03/16/2017 daga David Wearing kamar Axis Camera Multiple Vulnerabilities kamar Mailinglist Post (Full-Disclosure). An raba bayanin tsaro don saukewa a seclists.org. Vendor an kaɗi, public release an kaɗi. Wannan matsala ana saninta da CVE-2017-20047. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal faɗi ba ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga seclists.org. 0-day shima, an ndiyam a wuro be $0-$5k. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a faggata. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

7 Goyarwa · 74 Datenpunkte

Furɗe	Gargadi 2/6 06/08/2022 09:00	Gargadi 3/6 06/08/2022 09:02	Gargadi 4/6 11/22/2022 09:47	Gargadi 5/6 11/22/2022 09:52	Gargadi 6/6 11/22/2022 09:54
software_vendor	AXIS	AXIS	AXIS	AXIS	AXIS
software_name	P1204/P3225/P3367/M3045/M3005/M3007	P1204/P3225/P3367/M3045/M3005/M3007	P1204/P3225/P3367/M3045/M3005/M3007	P1204/P3225/P3367/M3045/M3005/M3007	P1204/P3225/P3367/M3045/M3005/M3007
software_component	XSS Protection
vulnerability_vendorinformdate	1479945600 (11/24/2016)	1479945600 (11/24/2016)	1479945600 (11/24/2016)	1479945600 (11/24/2016)	1479945600 (11/24/2016)
vulnerability_risk	1	1	1	1	1
vulnerability_historic	0	0	0	0	0
cvss2_vuldb_basescore	2.6	4.3	4.3	4.3	4.3
cvss2_vuldb_tempscore	2.3	3.4	3.4	3.4	3.4
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	H	M	M	M	M
cvss2_vuldb_au	N	N	N	N	N
cvss2_vuldb_ci	N	N	N	N	N
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	N	N	N	N	N
cvss3_meta_basescore	3.1	4.3	4.3	4.3	4.3
cvss3_meta_tempscore	3.0	3.9	3.9	3.9	3.9
cvss3_vuldb_basescore	3.1	4.3	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.0	3.9	3.9	3.9	3.9
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	H	L	L	L	L
cvss3_vuldb_pr	N	N	N	N	N
cvss3_vuldb_ui	R	R	R	R	R
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	N	N	N	N	N
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	N	N	N	N	N
advisory_date	1489622400 (03/16/2017)	1489622400 (03/16/2017)	1489622400 (03/16/2017)	1489622400 (03/16/2017)	1489622400 (03/16/2017)
advisory_location	Full-Disclosure	Full-Disclosure	Full-Disclosure	Full-Disclosure	Full-Disclosure
advisory_type	Mailinglist Post	Mailinglist Post	Mailinglist Post	Mailinglist Post	Mailinglist Post
advisory_url	http://seclists.org/fulldisclosure/2017/Mar/41	http://seclists.org/fulldisclosure/2017/Mar/41	http://seclists.org/fulldisclosure/2017/Mar/41	http://seclists.org/fulldisclosure/2017/Mar/41	http://seclists.org/fulldisclosure/2017/Mar/41
advisory_identifier	Axis Camera Multiple Vulnerabilities	Axis Camera Multiple Vulnerabilities	Axis Camera Multiple Vulnerabilities	Axis Camera Multiple Vulnerabilities	Axis Camera Multiple Vulnerabilities
advisory_coordination	1	1	1	1	1
person_name	David Wearing	David Wearing	David Wearing	David Wearing	David Wearing
advisory_reaction_date	1480636800 (12/02/2016)	1480636800 (12/02/2016)	1480636800 (12/02/2016)	1480636800 (12/02/2016)	1480636800 (12/02/2016)
advisory_disputed	0	0	0	0	0
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
countermeasure_name	Gargajiya	Gargajiya	Gargajiya	Gargajiya	Gargajiya
source_seealso	98910 98912 98913 98914	98910 98912 98913 98914	98910 98912 98913 98914	98910 98912 98913 98914	98910 98912 98913 98914
cvss2_vuldb_e	ND	POC	POC	POC	POC
cvss2_vuldb_rl	OF	OF	OF	OF	OF
cvss2_vuldb_rc	C	C	C	C	C
cvss3_vuldb_e	X	P	P	P	P
cvss3_vuldb_rl	O	O	O	O	O
cvss3_vuldb_rc	C	C	C	C	C
0day_days	112	112	112	112	112
vulnerability_cwe	CWE-269 (kura hakki ndiyam)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)	CWE-79 (Cross Site Scripting)
source_cve	CVE-2017-20047	CVE-2017-20047	CVE-2017-20047	CVE-2017-20047	CVE-2017-20047
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
exploit_availability		1	1	1	1
exploit_publicity		1	1	1	1
exploit_url		https://seclists.org/fulldisclosure/2017/Mar/41	https://seclists.org/fulldisclosure/2017/Mar/41	https://seclists.org/fulldisclosure/2017/Mar/41	https://seclists.org/fulldisclosure/2017/Mar/41
cve_assigned			1654639200 (06/08/2022)	1654639200 (06/08/2022)	1654639200 (06/08/2022)
cvss2_nvd_av				N	N
cvss2_nvd_ac				M	M
cvss2_nvd_au				S	S
cvss2_nvd_ci				N	N
cvss2_nvd_ii				P	P
cvss2_nvd_ai				N	N
cvss2_nvd_basescore				3.5	3.5
cve_nvd_summary					A vulnerability classified as problematic was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

◂ Gurɗo Gumti Gada ▸

Do you know our Splunk app?

Download it now for free!