CVE-2017-20153

A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability.

CVSS v3.0 6.1 MEDIUM

6.1^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/aerouk/imageserve/pull/27	Exploit Third Party Advisory
https://github.com/aerouk/imageserve/commit/2ac3cd4f90b4df66874fab171376ca26868604c4	Patch Third Party Advisory
https://vuldb.com/?ctiid.217057	Third Party Advisory
https://vuldb.com/?id.217057	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:imageserve_project:imageserve:-:*:*:*:*:*:*:*

Information

Published : 2022-12-30 04:15

Updated : 2023-01-09 09:47

NVD link : CVE-2017-20153

Mitre link : CVE-2017-20153

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

imageserve_project

imageserve

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/aerouk/imageserve/pull/27", "name": "https://github.com/aerouk/imageserve/pull/27", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/aerouk/imageserve/commit/2ac3cd4f90b4df66874fab171376ca26868604c4", "name": "https://github.com/aerouk/imageserve/commit/2ac3cd4f90b4df66874fab171376ca26868604c4", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?ctiid.217057", "name": "https://vuldb.com/?ctiid.217057", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?id.217057", "name": "https://vuldb.com/?id.217057", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-20153", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}}, "publishedDate": "2022-12-30T12:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:imageserve_project:imageserve:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-09T17:47Z"}