var-200912-0136
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort, (8) wzVIRTUALSVR_endPortLocal, (9) wzVIRTUALSVR_IndexFlag, (10) wzVIRTUALSVR_localIP, (11) wzVIRTUALSVR_startPort, and (12) wzVIRTUALSVR_startPortLocal parameters to rpNATvirsvr_argen_1; (13) Connect_DialFlag, (14) Connect_DialHidden, and (15) Connect_Flag parameters to rpStatus_argen_1; (16) Telephone_select, and (17) wzFirstFlag parameters to rpwizard_1; and (18) wzConnectFlag parameter to rpwizPppoe_1. (1) error_1 To BackButton Parameters (2) fresh_pppoe_1 To wzConnFlag Parameters (3) rpDiag_argen_1 To diag_pppindex_argen Parameters (4) rpDiag_argen_1 To DiagStartFlag Parameters (5) rpNATdmz_argen_1 To wzdmz_active Parameters (6) rpNATdmz_argen_1 To wzdmzHostIP Parameters (7) rpNATvirsvr_argen_1 To wzVIRTUALSVR_endPort Parameters (8) rpNATvirsvr_argen_1 To wzVIRTUALSVR_endPortLocal Parameters (9) rpNATvirsvr_argen_1 To wzVIRTUALSVR_IndexFlag Parameters (10) rpNATvirsvr_argen_1 To wzVIRTUALSVR_localIP Parameters (11) rpNATvirsvr_argen_1 To wzVIRTUALSVR_startPort Parameters (12) rpNATvirsvr_argen_1 To wzVIRTUALSVR_startPortLocal Parameters (13) rpStatus_argen_1 To Connect_DialFlag Parameters (14) rpStatus_argen_1 To Connect_DialHidden Parameters (15) rpStatus_argen_1 To Connect_Flag Parameters (16) rpwizard_1 To Telephone_select Parameters (17) rpwizard_1 To wzFirstFlag Parameters (18) rpwizPppoe_1 To wzConnectFlag Parameters. Huawei MT882 is prone to multiple cross-site scripting vulnerabilities and an information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The attacker may also obtain sensitive information. Huawei MT882 firmware 3.7.9.98 is vulnerable; other versions may also be affected. Huawei MT882l is a small ADSL modem. Multiple scripts in Forms/ of the MT882l cat do not properly filter parameter requests submitted by users. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
For more information visit: http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com
TITLE: Huawei MT882 Multiple Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID: SA37568
VERIFY ADVISORY: http://secunia.com/advisories/37568/
DESCRIPTION: DecodeX01 has reported multiple vulnerabilities in Huawei MT882, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "BackButton" parameter in Forms/error_1, "wzConnFlag" in Forms/fresh_pppoe_1, "diag_pppindex_argen" and "DiagStartFlag" in Forms/rpDiag_argen_1, "wzdmz_active" and "wzdmzHostIP" in Forms/rpNATdmz_argen_1, "wzVIRTUALSVR_endPort", "wzVIRTUALSVR_endPortLocal", "wzVIRTUALSVR_IndexFlag", "wzVIRTUALSVR_localIP", "wzVIRTUALSVR_startPort", and "wzVIRTUALSVR_startPortLocal" in Forms/rpNATvirsvr_argen_1, "Connect_DialFlag", "Connect_DialHidden", and "Connect_Flag" in Forms/rpStatus_argen_1, "Telephone_select" and "wzFirstFlag" in Forms/rpwizard_1, and "wzConnectFlag" in Forms/rpwizPppoe_1 is not properly sanitised before being returned to the user.
The vulnerabilities are reported in version 3.7.9.98.
SOLUTION: Filter malicious characters and character sequences in a proxy.
PROVIDED AND/OR DISCOVERED BY: DecodeX01
ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/10276
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200912-0136",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mt882 v100t002b020 arg-t",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "firmware_3.7.9.98"
},
{
"model": "mt882 v100t002b020 arg-t",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "firmware 3.7.9.98"
},
{
"model": "mt882",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "3.7.9.98"
}
],
"sources": [
{
"db": "BID",
"id": "37194"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005178"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-061"
},
{
"db": "NVD",
"id": "CVE-2009-4196"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:huawei:mt882_v100t002b020_arg-t",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005178"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DecodeX01",
"sources": [
{
"db": "BID",
"id": "37194"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-061"
}
],
"trust": 0.9
},
"cve": "CVE-2009-4196",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-4196",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-41642",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-4196",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-4196",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200912-061",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-41642",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41642"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005178"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-061"
},
{
"db": "NVD",
"id": "CVE-2009-4196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error_1; (2) wzConnFlag parameter to fresh_pppoe_1; (3) diag_pppindex_argen and (4) DiagStartFlag parameters to rpDiag_argen_1; (5) wzdmz_active and (6) wzdmzHostIP parameters to rpNATdmz_argen_1; (7) wzVIRTUALSVR_endPort, (8) wzVIRTUALSVR_endPortLocal, (9) wzVIRTUALSVR_IndexFlag, (10) wzVIRTUALSVR_localIP, (11) wzVIRTUALSVR_startPort, and (12) wzVIRTUALSVR_startPortLocal parameters to rpNATvirsvr_argen_1; (13) Connect_DialFlag, (14) Connect_DialHidden, and (15) Connect_Flag parameters to rpStatus_argen_1; (16) Telephone_select, and (17) wzFirstFlag parameters to rpwizard_1; and (18) wzConnectFlag parameter to rpwizPppoe_1. (1) error_1 To BackButton Parameters (2) fresh_pppoe_1 To wzConnFlag Parameters (3) rpDiag_argen_1 To diag_pppindex_argen Parameters (4) rpDiag_argen_1 To DiagStartFlag Parameters (5) rpNATdmz_argen_1 To wzdmz_active Parameters (6) rpNATdmz_argen_1 To wzdmzHostIP Parameters (7) rpNATvirsvr_argen_1 To wzVIRTUALSVR_endPort Parameters (8) rpNATvirsvr_argen_1 To wzVIRTUALSVR_endPortLocal Parameters (9) rpNATvirsvr_argen_1 To wzVIRTUALSVR_IndexFlag Parameters (10) rpNATvirsvr_argen_1 To wzVIRTUALSVR_localIP Parameters (11) rpNATvirsvr_argen_1 To wzVIRTUALSVR_startPort Parameters (12) rpNATvirsvr_argen_1 To wzVIRTUALSVR_startPortLocal Parameters (13) rpStatus_argen_1 To Connect_DialFlag Parameters (14) rpStatus_argen_1 To Connect_DialHidden Parameters (15) rpStatus_argen_1 To Connect_Flag Parameters (16) rpwizard_1 To Telephone_select Parameters (17) rpwizard_1 To wzFirstFlag Parameters (18) rpwizPppoe_1 To wzConnectFlag Parameters. Huawei MT882 is prone to multiple cross-site scripting vulnerabilities and an information-disclosure vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The attacker may also obtain sensitive information. \nHuawei MT882 firmware 3.7.9.98 is vulnerable; other versions may also be affected. Huawei MT882l is a small ADSL modem. Multiple scripts in Forms/ of the MT882l cat do not properly filter parameter requests submitted by users. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nHuawei MT882 Multiple Cross-Site Scripting Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA37568\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/37568/\n\nDESCRIPTION:\nDecodeX01 has reported multiple vulnerabilities in Huawei MT882,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks. \n\nInput passed to the \"BackButton\" parameter in Forms/error_1,\n\"wzConnFlag\" in Forms/fresh_pppoe_1, \"diag_pppindex_argen\" and\n\"DiagStartFlag\" in Forms/rpDiag_argen_1, \"wzdmz_active\" and\n\"wzdmzHostIP\" in Forms/rpNATdmz_argen_1, \"wzVIRTUALSVR_endPort\",\n\"wzVIRTUALSVR_endPortLocal\", \"wzVIRTUALSVR_IndexFlag\",\n\"wzVIRTUALSVR_localIP\", \"wzVIRTUALSVR_startPort\", and\n\"wzVIRTUALSVR_startPortLocal\" in Forms/rpNATvirsvr_argen_1,\n\"Connect_DialFlag\", \"Connect_DialHidden\", and \"Connect_Flag\" in\nForms/rpStatus_argen_1, \"Telephone_select\" and \"wzFirstFlag\" in\nForms/rpwizard_1, and \"wzConnectFlag\" in Forms/rpwizPppoe_1 is not\nproperly sanitised before being returned to the user. \n\nThe vulnerabilities are reported in version 3.7.9.98. \n\nSOLUTION:\nFilter malicious characters and character sequences in a proxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nDecodeX01\n\nORIGINAL ADVISORY:\nhttp://www.exploit-db.com/exploits/10276\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4196"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005178"
},
{
"db": "BID",
"id": "37194"
},
{
"db": "VULHUB",
"id": "VHN-41642"
},
{
"db": "PACKETSTORM",
"id": "83713"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-41642",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41642"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-4196",
"trust": 2.8
},
{
"db": "BID",
"id": "37194",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "10276",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005178",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200912-061",
"trust": 0.7
},
{
"db": "XF",
"id": "54526",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "37568",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-41642",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83713",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41642"
},
{
"db": "BID",
"id": "37194"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005178"
},
{
"db": "PACKETSTORM",
"id": "83713"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-061"
},
{
"db": "NVD",
"id": "CVE-2009-4196"
}
]
},
"id": "VAR-200912-0136",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41642"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:14:29.764000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.huawei.com/en/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41642"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005178"
},
{
"db": "NVD",
"id": "CVE-2009-4196"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.exploit-db.com/exploits/10276"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/37194"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54526"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4196"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4196"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/54526"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/37568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41642"
},
{
"db": "BID",
"id": "37194"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005178"
},
{
"db": "PACKETSTORM",
"id": "83713"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-061"
},
{
"db": "NVD",
"id": "CVE-2009-4196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-41642"
},
{
"db": "BID",
"id": "37194"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-005178"
},
{
"db": "PACKETSTORM",
"id": "83713"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-061"
},
{
"db": "NVD",
"id": "CVE-2009-4196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-12-04T00:00:00",
"db": "VULHUB",
"id": "VHN-41642"
},
{
"date": "2009-12-03T00:00:00",
"db": "BID",
"id": "37194"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005178"
},
{
"date": "2009-12-10T17:01:34",
"db": "PACKETSTORM",
"id": "83713"
},
{
"date": "2009-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-061"
},
{
"date": "2009-12-04T11:30:00.780000",
"db": "NVD",
"id": "CVE-2009-4196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-41642"
},
{
"date": "2015-04-13T21:05:00",
"db": "BID",
"id": "37194"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-005178"
},
{
"date": "2009-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200912-061"
},
{
"date": "2024-11-21T01:09:07.997000",
"db": "NVD",
"id": "CVE-2009-4196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200912-061"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei MT882 V100R002B020 ARG-T of Forms/ Cross-site scripting vulnerability in underlying script",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-005178"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "83713"
},
{
"db": "CNNVD",
"id": "CNNVD-200912-061"
}
],
"trust": 0.7
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.