ID

VAR-201605-0269


CVE

CVE-2016-4783


TITLE

Lenovo SHAREit running on Android is vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-002920

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." Lenovo SHAREit for Android is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Lenovo SHAREit (Eggplant Express) on Android is file-sharing software for the Android platform from the Chinese company Lenovo.

Trust: 1.98

sources: NVD: CVE-2016-4783 // JVNDB: JVNDB-2016-002920 // BID: 90833 // VULHUB: VHN-93602

AFFECTED PRODUCTS

vendor: lenovo, model: shareit, scope: eq, version: 3.5.98_ww

Trust: 1.0

vendor: lenovo, model: shareit, scope: lt, version: 3.5.98_ww (android 4.4)

Trust: 0.8

vendor: google, model: android, scope: eq, version: 4.3.1

Trust: 0.6

sources: JVNDB: JVNDB-2016-002920 // CNNVD: CNNVD-201605-585 // NVD: CVE-2016-4783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4783
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-4783
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201605-585
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93602
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4783
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-93602
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4783
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-93602 // JVNDB: JVNDB-2016-002920 // CNNVD: CNNVD-201605-585 // NVD: CVE-2016-4783

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-93602 // JVNDB: JVNDB-2016-002920 // NVD: CVE-2016-4783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-585

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201605-585

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002920

PATCH

title: LEN-6421, url: https://support.lenovo.com/jp/ja/product_security/len_6421

Trust: 0.8

title: Lenovo SHAREit fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61898

Trust: 0.6

sources: JVNDB: JVNDB-2016-002920 // CNNVD: CNNVD-201605-585

EXTERNAL IDS

db: NVD, id: CVE-2016-4783

Trust: 2.8

db: JVNDB, id: JVNDB-2016-002920

Trust: 0.8

db: CNNVD, id: CNNVD-201605-585

Trust: 0.7

db: BID, id: 90833

Trust: 0.4

db: VULHUB, id: VHN-93602

Trust: 0.1

sources: VULHUB: VHN-93602 // BID: 90833 // JVNDB: JVNDB-2016-002920 // CNNVD: CNNVD-201605-585 // NVD: CVE-2016-4783

REFERENCES

url: https://support.lenovo.com/us/en/product_security/len_6421

Trust: 2.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4783

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4783

Trust: 0.8

url: http://shareit.lenovo.com/

Trust: 0.3

sources: VULHUB: VHN-93602 // BID: 90833 // JVNDB: JVNDB-2016-002920 // CNNVD: CNNVD-201605-585 // NVD: CVE-2016-4783

CREDITS

Nicky of Tencent Security Platform Department

Trust: 0.3

sources: BID: 90833

SOURCES

db: VULHUB, id: VHN-93602
db: BID, id: 90833
db: JVNDB, id: JVNDB-2016-002920
db: CNNVD, id: CNNVD-201605-585
db: NVD, id: CVE-2016-4783

LAST UPDATE DATE

2025-04-12T23:29:28.443000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-93602, date: 2016-05-25T00:00:00
db: BID, id: 90833, date: 2016-05-20T00:00:00
db: JVNDB, id: JVNDB-2016-002920, date: 2016-05-27T00:00:00
db: CNNVD, id: CNNVD-201605-585, date: 2016-05-24T00:00:00
db: NVD, id: CVE-2016-4783, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-93602, date: 2016-05-23T00:00:00
db: BID, id: 90833, date: 2016-05-20T00:00:00
db: JVNDB, id: JVNDB-2016-002920, date: 2016-05-27T00:00:00
db: CNNVD, id: CNNVD-201605-585, date: 2016-05-24T00:00:00
db: NVD, id: CVE-2016-4783, date: 2016-05-23T19:59:13.167