CVE-2015-0513
EMC M&R (Watch4net) Alerting Frontend XSS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.
Múltiples vulnerabilidades XSS en la interfaz de usuario de administración en EMC M&R (también conocido como Watch4Net) anterior a 6.5u1 y ViPR SRM anterior a 3.6.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios aprovechándose de privilegios de acceso para establecer valores modificados de campos sin especificar
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup, the attackers payload will be stored in the user's profile and will be executed every time the victim logs in.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-12-17 CVE Reserved
- 2015-01-21 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html | Broken Link | |
| http://www.securityfocus.com/bid/72259 | Third Party Advisory | |
| http://www.securitytracker.com/id/1031567 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Watch4net Search vendor "Emc" for product "Watch4net" | <= 6.5 Search vendor "Emc" for product "Watch4net" and version " <= 6.5" | - |
Affected
| ||||||
| Emc Search vendor "Emc" | Vipr Srm Search vendor "Emc" for product "Vipr Srm" | <= 3.6.0 Search vendor "Emc" for product "Vipr Srm" and version " <= 3.6.0" | - |
Affected
| ||||||