CVE-2015-6929 - OpenCVE

Vendors	Products
Nokia	\@vantage Commander

Link	Resource
http://packetstormsecurity.com/files/133538/Nokia-Solutions-And-Networks-Cross-Site-Scripting.html	Exploit
http://seclists.org/fulldisclosure/2015/Sep/42	Exploit
https://drive.google.com/open?id=0B-LWHbwdK3P9eTNKRkdDWGpkN2M	Exploit

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to cftraces/filter/fl_copy.jsp; the (3) flName parameter to cftraces/filter/fl_crea1.jsp; the (4) serchStatus, (5) refreshTime, or (6) serchNode parameter to cftraces/process/pr_show_process.jsp; the (7) MaxActivationTime, (8) NumberOfBytes, (9) NumberOfTracefiles, (10) SessionName, or (11) serchSessionkind parameter to cftraces/session/se_crea.jsp; the (12) serchSessionDescription parameter to cftraces/session/se_show.jsp; the (13) serchApplication or (14) serchApplicationkind parameter to cftraces/session/tr_crea_filter.jsp; the (15) columKeyUnique, (16) columParameter, (17) componentName, (18) criteria1, (19) criteria2, (20) criteria3, (21) description, (22) filter, (23) id, (24) pathName, (25) tableName, or (26) component parameter to cftraces/session/tr_create_tagg_para.jsp; or the (27) userid parameter to home/certificate_association.jsp."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-09-16T18:57:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/open?id=0B-LWHbwdK3P9eTNKRkdDWGpkN2M"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/133538/Nokia-Solutions-And-Networks-Cross-Site-Scripting.html"}, {"name": "20150910 Nokia Solutions and Networks @vantage - Multiple Reflected XSS", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Sep/42"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6929", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to cftraces/filter/fl_copy.jsp; the (3) flName parameter to cftraces/filter/fl_crea1.jsp; the (4) serchStatus, (5) refreshTime, or (6) serchNode parameter to cftraces/process/pr_show_process.jsp; the (7) MaxActivationTime, (8) NumberOfBytes, (9) NumberOfTracefiles, (10) SessionName, or (11) serchSessionkind parameter to cftraces/session/se_crea.jsp; the (12) serchSessionDescription parameter to cftraces/session/se_show.jsp; the (13) serchApplication or (14) serchApplicationkind parameter to cftraces/session/tr_crea_filter.jsp; the (15) columKeyUnique, (16) columParameter, (17) componentName, (18) criteria1, (19) criteria2, (20) criteria3, (21) description, (22) filter, (23) id, (24) pathName, (25) tableName, or (26) component parameter to cftraces/session/tr_create_tagg_para.jsp; or the (27) userid parameter to home/certificate_association.jsp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drive.google.com/open?id=0B-LWHbwdK3P9eTNKRkdDWGpkN2M", "refsource": "MISC", "url": "https://drive.google.com/open?id=0B-LWHbwdK3P9eTNKRkdDWGpkN2M"}, {"name": "http://packetstormsecurity.com/files/133538/Nokia-Solutions-And-Networks-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/133538/Nokia-Solutions-And-Networks-Cross-Site-Scripting.html"}, {"name": "20150910 Nokia Solutions and Networks @vantage - Multiple Reflected XSS", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Sep/42"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-6929", "datePublished": "2015-09-16T18:00:00", "dateReserved": "2015-09-14T00:00:00", "dateUpdated": "2015-09-16T18:57:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nokia:\\@vantage_commander:*:*:*:*:*:*:*:*", "matchCriteriaId": "7420B1BF-AB02-4833-BD13-AD2646230151", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary web script or HTML via the (1) idFilter or (2) nameFilter parameter to cftraces/filter/fl_copy.jsp; the (3) flName parameter to cftraces/filter/fl_crea1.jsp; the (4) serchStatus, (5) refreshTime, or (6) serchNode parameter to cftraces/process/pr_show_process.jsp; the (7) MaxActivationTime, (8) NumberOfBytes, (9) NumberOfTracefiles, (10) SessionName, or (11) serchSessionkind parameter to cftraces/session/se_crea.jsp; the (12) serchSessionDescription parameter to cftraces/session/se_show.jsp; the (13) serchApplication or (14) serchApplicationkind parameter to cftraces/session/tr_crea_filter.jsp; the (15) columKeyUnique, (16) columParameter, (17) componentName, (18) criteria1, (19) criteria2, (20) criteria3, (21) description, (22) filter, (23) id, (24) pathName, (25) tableName, or (26) component parameter to cftraces/session/tr_create_tagg_para.jsp; or the (27) userid parameter to home/certificate_association.jsp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Nokia Networks (anteriormente Nokia Solutions y Networks y Nokia Siemens Networks) @vantage Commander permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) idFilter o (2) nameFilter a cftraces/filter/fl_copy.jsp; del par\u00e1metro (3) flName a cftraces/filter/fl_crea1.jsp; del par\u00e1metro (4) serchStatus, (5) refreshTime, o (6) serchNode a cftraces/process/pr_show_process.jsp; del par\u00e1metro (7) MaxActivationTime, (8) NumberOfBytes, (9) NumberOfTracefiles, (10) SessionName, o (11) serchSessionkind a cftraces/session/se_crea.jsp; del par\u00e1metro (12) serchSessionDescription a cftraces/session/se_show.jsp; del par\u00e1metro (13) serchApplication o (14) serchApplicationkind a cftraces/session/tr_crea_filter.jsp; del par\u00e1metro (15) columKeyUnique, (16) columParameter, (17) componentName, (18) criteria1, (19) criteria2, (20) criteria3, (21) description, (22) filter, (23) id, (24) pathName, (25) tableName, o (26) component a cftraces/session/tr_create_tagg_para.jsp; o del par\u00e1metro (27) userid a home/certificate_association.jsp."}], "id": "CVE-2015-6929", "lastModified": "2015-11-24T18:13:21.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-09-16T18:59:05.473", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/133538/Nokia-Solutions-And-Networks-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2015/Sep/42"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://drive.google.com/open?id=0B-LWHbwdK3P9eTNKRkdDWGpkN2M"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

JSON object

JSON object

JSON object