Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by Matt
CVE-2025-60086 (GCVE-0-2025-60086)
Vulnerability from nvd – Published: 2025-12-18 07:22 – Updated: 2026-04-28 16:13
VLAI
Title
WordPress WP Voting Contest plugin <= 5.8 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through <= 5.8.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Matt | WP Voting Contest |
Affected:
0 , ≤ 5.8
(custom)
|
Date Public
2026-04-22 14:23
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:56:32.386437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T15:58:10.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-voting-contest",
"product": "WP Voting Contest",
"vendor": "Matt",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "theviper17 | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:23:22.364Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WP Voting Contest: from n/a through \u003c= 5.8.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through \u003c= 5.8."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:54.131Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-voting-contest/vulnerability/wordpress-wp-voting-contest-plugin-5-8-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Voting Contest plugin \u003c= 5.8 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-60086",
"datePublished": "2025-12-18T07:22:07.949Z",
"dateReserved": "2025-09-25T15:20:02.782Z",
"dateUpdated": "2026-04-28T16:13:54.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-50017 (GCVE-0-2025-50017)
Vulnerability from nvd – Published: 2025-06-20 15:03 – Updated: 2026-05-12 00:24
VLAI
Title
WordPress WP Voting Contest plugin <= 5.8 - Cross Site Scripting (XSS) Vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt WP Voting Contest wp-voting-contest allows Stored XSS.This issue affects WP Voting Contest: from n/a through <= 5.8.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Matt | WP Voting Contest |
Affected:
0 , ≤ 5.8
(custom)
|
Date Public
2026-04-01 16:41
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-50017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T17:20:38.456208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T00:24:32.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-voting-contest",
"product": "WP Voting Contest",
"vendor": "Matt",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "greenhats | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:41:27.577Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Matt WP Voting Contest wp-voting-contest allows Stored XSS.\u003cp\u003eThis issue affects WP Voting Contest: from n/a through \u003c= 5.8.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Matt WP Voting Contest wp-voting-contest allows Stored XSS.This issue affects WP Voting Contest: from n/a through \u003c= 5.8."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:16.340Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-voting-contest/vulnerability/wordpress-wp-voting-contest-plugin-5-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Voting Contest plugin \u003c= 5.8 - Cross Site Scripting (XSS) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-50017",
"datePublished": "2025-06-20T15:03:59.993Z",
"dateReserved": "2025-06-11T16:08:21.170Z",
"dateUpdated": "2026-05-12T00:24:32.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60086 (GCVE-0-2025-60086)
Vulnerability from cvelistv5 – Published: 2025-12-18 07:22 – Updated: 2026-04-28 16:13
VLAI
Title
WordPress WP Voting Contest plugin <= 5.8 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through <= 5.8.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Matt | WP Voting Contest |
Affected:
0 , ≤ 5.8
(custom)
|
Date Public
2026-04-22 14:23
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:56:32.386437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T15:58:10.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-voting-contest",
"product": "WP Voting Contest",
"vendor": "Matt",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "theviper17 | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-22T14:23:22.364Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WP Voting Contest: from n/a through \u003c= 5.8.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Matt WP Voting Contest wp-voting-contest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Voting Contest: from n/a through \u003c= 5.8."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:54.131Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-voting-contest/vulnerability/wordpress-wp-voting-contest-plugin-5-8-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Voting Contest plugin \u003c= 5.8 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-60086",
"datePublished": "2025-12-18T07:22:07.949Z",
"dateReserved": "2025-09-25T15:20:02.782Z",
"dateUpdated": "2026-04-28T16:13:54.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-50017 (GCVE-0-2025-50017)
Vulnerability from cvelistv5 – Published: 2025-06-20 15:03 – Updated: 2026-05-12 00:24
VLAI
Title
WordPress WP Voting Contest plugin <= 5.8 - Cross Site Scripting (XSS) Vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt WP Voting Contest wp-voting-contest allows Stored XSS.This issue affects WP Voting Contest: from n/a through <= 5.8.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Matt | WP Voting Contest |
Affected:
0 , ≤ 5.8
(custom)
|
Date Public
2026-04-01 16:41
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-50017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T17:20:38.456208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T00:24:32.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-voting-contest",
"product": "WP Voting Contest",
"vendor": "Matt",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "greenhats | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:41:27.577Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Matt WP Voting Contest wp-voting-contest allows Stored XSS.\u003cp\u003eThis issue affects WP Voting Contest: from n/a through \u003c= 5.8.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Matt WP Voting Contest wp-voting-contest allows Stored XSS.This issue affects WP Voting Contest: from n/a through \u003c= 5.8."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:16.340Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-voting-contest/vulnerability/wordpress-wp-voting-contest-plugin-5-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Voting Contest plugin \u003c= 5.8 - Cross Site Scripting (XSS) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-50017",
"datePublished": "2025-06-20T15:03:59.993Z",
"dateReserved": "2025-06-11T16:08:21.170Z",
"dateUpdated": "2026-05-12T00:24:32.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201401-0093
Vulnerability from variot - Updated: 2023-12-18 11:50Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or other unspecified vectors. The Belkin N300 Wi-Fi N Router is a wireless router device. A cross-site scripting vulnerability exists in the Belkin N300 Wi-Fi N Router that allows remote attackers to exploit vulnerabilities to build malicious URIs, entice users to resolve, gain sensitive information, or hijack user sessions. A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, "Matt Wright FormMail Remote Command Execution Vulnerability". FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. User supplied data (from the "recipient" hidden field) is passed to a Perl OPEN function without proper input verification, allowing the use of the command separation shell metacharacter (;) to execute arbitrary commands on the remote host. Consequences could range from destruction of data and web site defacement to elevation of privileges through locally exploitable vulnerabilities. The Belkin N300 router is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n300",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": null
},
{
"model": "n300 wi-fi n router",
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "n300 wi-fi n router",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "1.00.06"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.6,
"vendor": "matt",
"version": "1.0"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.6,
"vendor": "matt",
"version": "1.9"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.8"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.7"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.6"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.5"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.4"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.3"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.2"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.1"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.8"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.7"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.6"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.5"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.4"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.3"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.2"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.1"
},
{
"model": "n300 f7d7301v1",
"scope": "eq",
"trust": 0.3,
"vendor": "belkin",
"version": "1.00.06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04024"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "59497"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005962"
},
{
"db": "NVD",
"id": "CVE-2013-3090"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-590"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3090"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb of Independent Security Evaluators",
"sources": [
{
"db": "BID",
"id": "59497"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-590"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3090",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-3090",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2013-04024",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-63092",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3090",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-04024",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-590",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63092",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04024"
},
{
"db": "VULHUB",
"id": "VHN-63092"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005962"
},
{
"db": "NVD",
"id": "CVE-2013-3090"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-590"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or other unspecified vectors. The Belkin N300 Wi-Fi N Router is a wireless router device. A cross-site scripting vulnerability exists in the Belkin N300 Wi-Fi N Router that allows remote attackers to exploit vulnerabilities to build malicious URIs, entice users to resolve, gain sensitive information, or hijack user sessions. \nA web server can use a remote site\u0027s FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, \"Matt Wright FormMail Remote Command Execution Vulnerability\". FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. \nUser supplied data (from the \"recipient\" hidden field) is passed to a Perl OPEN function without proper input verification, allowing the use of the command separation shell metacharacter (;) to execute arbitrary commands on the remote host. Consequences could range from destruction of data and web site defacement to elevation of privileges through locally exploitable vulnerabilities. The Belkin N300 router is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3090"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005962"
},
{
"db": "CNVD",
"id": "CNVD-2013-04024"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "59497"
},
{
"db": "VULHUB",
"id": "VHN-63092"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3090",
"trust": 3.4
},
{
"db": "BID",
"id": "59497",
"trust": 1.0
},
{
"db": "XF",
"id": "300",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005962",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-590",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-04024",
"trust": 0.6
},
{
"db": "BID",
"id": "2079",
"trust": 0.6
},
{
"db": "XF",
"id": "83837",
"trust": 0.6
},
{
"db": "BID",
"id": "2080",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-63092",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04024"
},
{
"db": "VULHUB",
"id": "VHN-63092"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "59497"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005962"
},
{
"db": "NVD",
"id": "CVE-2013-3090"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-590"
}
]
},
"id": "VAR-201401-0093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04024"
},
{
"db": "VULHUB",
"id": "VHN-63092"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04024"
}
]
},
"last_update_date": "2023-12-18T11:50:55.342000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "N300 Wi-Fi N Router",
"trust": 0.8,
"url": "http://www.belkin.com/us/support-product?pid=01t80000002wbtuaa2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005962"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63092"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005962"
},
{
"db": "NVD",
"id": "CVE-2013-3090"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://securityevaluators.com/content/case-studies/routers/vulnerability_catalog.pdf"
},
{
"trust": 1.1,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83837"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/belkin_n900.jsp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3090"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3090"
},
{
"trust": 0.8,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.6,
"url": "http://www.worldwidemart.com/scripts/formmail.shtml"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/83837"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/59497"
},
{
"trust": 0.3,
"url": "http://xforce.iss.net/static/300.php"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/bid/2079"
},
{
"trust": 0.3,
"url": "http://www.guard.dubna.ru/cgibug.html"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04024"
},
{
"db": "VULHUB",
"id": "VHN-63092"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "59497"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005962"
},
{
"db": "NVD",
"id": "CVE-2013-3090"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-590"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04024"
},
{
"db": "VULHUB",
"id": "VHN-63092"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "59497"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005962"
},
{
"db": "NVD",
"id": "CVE-2013-3090"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-590"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04024"
},
{
"date": "2014-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-63092"
},
{
"date": "1997-01-01T00:00:00",
"db": "BID",
"id": "2080"
},
{
"date": "1995-08-02T00:00:00",
"db": "BID",
"id": "2079"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59497"
},
{
"date": "2014-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005962"
},
{
"date": "2014-01-30T15:06:22.970000",
"db": "NVD",
"id": "CVE-2013-3090"
},
{
"date": "2013-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-590"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04024"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-63092"
},
{
"date": "1997-01-01T00:00:00",
"db": "BID",
"id": "2080"
},
{
"date": "1995-08-02T00:00:00",
"db": "BID",
"id": "2079"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59497"
},
{
"date": "2014-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005962"
},
{
"date": "2017-08-29T01:33:21.950000",
"db": "NVD",
"id": "CVE-2013-3090"
},
{
"date": "2014-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-590"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "59497"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N300 Wi-Fi N Router Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005962"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "59497"
}
],
"trust": 0.6
}
}
VAR-200803-0166
Vulnerability from variot - Updated: 2023-12-18 11:06Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI. A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, "Matt Wright FormMail Remote Command Execution Vulnerability". FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. User supplied data (from the "recipient" hidden field) is passed to a Perl OPEN function without proper input verification, allowing the use of the command separation shell metacharacter (;) to execute arbitrary commands on the remote host. Consequences could range from destruction of data and web site defacement to elevation of privileges through locally exploitable vulnerabilities. Wrt300n is prone to a cross-site scripting vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt300n",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "wrt300n",
"scope": "eq",
"trust": 0.9,
"vendor": "linksys",
"version": "2.00.20"
},
{
"model": "wrt300n",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "2.00.20"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.6,
"vendor": "matt",
"version": "1.0"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.6,
"vendor": "matt",
"version": "1.9"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.8"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.7"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.6"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.5"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.4"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.3"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.2"
},
{
"model": "wright formmail",
"scope": "eq",
"trust": 0.3,
"vendor": "matt",
"version": "1.1"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.8"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.7"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.6"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.5"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.4"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.3"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.2"
},
{
"model": "wright formmail",
"scope": "ne",
"trust": 0.3,
"vendor": "matt",
"version": "1.1"
}
],
"sources": [
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt300n:*:*:2.00.20:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1243"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery information is not currently known.",
"sources": [
{
"db": "BID",
"id": "2080"
}
],
"trust": 0.3
},
"cve": "CVE-2008-1243",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2008-1243",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-31368",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-1243",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-121",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31368",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31368"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router with firmware 2.00.20, when Mozilla Firefox or Apple Safari is used, allows remote attackers to inject arbitrary web script or HTML via the dyndns_domain parameter to the default URI. \nA web server can use a remote site\u0027s FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, \"Matt Wright FormMail Remote Command Execution Vulnerability\". FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. \nUser supplied data (from the \"recipient\" hidden field) is passed to a Perl OPEN function without proper input verification, allowing the use of the command separation shell metacharacter (;) to execute arbitrary commands on the remote host. Consequences could range from destruction of data and web site defacement to elevation of privileges through locally exploitable vulnerabilities. Wrt300n is prone to a cross-site scripting vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1243"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
},
{
"db": "VULHUB",
"id": "VHN-31368"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1243",
"trust": 2.8
},
{
"db": "XF",
"id": "300",
"trust": 0.9
},
{
"db": "XF",
"id": "41121",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121",
"trust": 0.7
},
{
"db": "BID",
"id": "2079",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "BID",
"id": "81418",
"trust": 0.4
},
{
"db": "BID",
"id": "2080",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-31368",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31368"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121"
}
]
},
"id": "VAR-200803-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31368"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:06:47.074000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31368"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://code.bulix.org/cx46qa-65489"
},
{
"trust": 2.0,
"url": "http://code.bulix.org/koom78-65490"
},
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41121"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/41121"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1243"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1243"
},
{
"trust": 0.6,
"url": "http://www.worldwidemart.com/scripts/formmail.shtml"
},
{
"trust": 0.3,
"url": "http://xforce.iss.net/static/300.php"
},
{
"trust": 0.3,
"url": "http://www.securityfocus.com/bid/2079"
},
{
"trust": 0.3,
"url": "http://www.guard.dubna.ru/cgibug.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31368"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31368"
},
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"db": "NVD",
"id": "CVE-2008-1243"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-121"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-31368"
},
{
"date": "1997-01-01T00:00:00",
"db": "BID",
"id": "2080"
},
{
"date": "1995-08-02T00:00:00",
"db": "BID",
"id": "2079"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "81418"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"date": "2008-03-10T17:44:00",
"db": "NVD",
"id": "CVE-2008-1243"
},
{
"date": "2008-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-121"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-31368"
},
{
"date": "1997-01-01T00:00:00",
"db": "BID",
"id": "2080"
},
{
"date": "1995-08-02T00:00:00",
"db": "BID",
"id": "2079"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "81418"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004202"
},
{
"date": "2018-10-11T20:31:15.010000",
"db": "NVD",
"id": "CVE-2008-1243"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-121"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "2080"
},
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT300N Router cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004202"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "2079"
},
{
"db": "BID",
"id": "81418"
}
],
"trust": 0.6
}
}