CVE-2019-16307
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).
Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado en el módulo webEx en los archivos webExMeetingLogin.jsp y deleteWebExMeetingCheck.jsp en Fuji Xerox DocuShare versiones hasta 7.0.0.C1.609, permite a atacantes remotos inyectar un script web o HTML arbitrario por medio del parámetro handle (archivo webExMeetingLogin.jsp) y el parámetro meetingKey (archivo deleteWebExMeetingCheck.jsp).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-09-14 CVE Reserved
- 2019-09-14 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://gist.github.com/izadgot/3efc75f62f9c9567c8f11bad74165425 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fujixerox Search vendor "Fujixerox" | Docushare Search vendor "Fujixerox" for product "Docushare" | <= 7.0.0.c1.609 Search vendor "Fujixerox" for product "Docushare" and version " <= 7.0.0.c1.609" | - |
Affected
| ||||||