ID

VAR-201606-0194


CVE

CVE-2016-1211


TITLE

Epoch Web Mailing List Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-03406 // CNNVD: CNNVD-201605-546

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Web Mailing List provided by Epoch Ltd. contains a cross-site scripting vulnerability (CWE-79). Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the logged-in user's web browser. EpochWebMailingList is a set of network contacts from Japan Epoch. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Trust: 2.43

sources: NVD: CVE-2016-1211 // JVNDB: JVNDB-2016-000066 // CNVD: CNVD-2016-03406 // BID: 90769

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-03406

AFFECTED PRODUCTS

vendor: epoch, model: web mailing list, scope: lte, version: 0.31

Trust: 1.0

vendor: epoch, model: web mailing list, scope: lte, version: v0.31

Trust: 0.8

vendor: epoch, model: web mailing list, scope: lte, version: <=0.31

Trust: 0.6

vendor: epoch, model: web mailing list, scope: eq, version: 0.31

Trust: 0.6

sources: CNVD: CNVD-2016-03406 // JVNDB: JVNDB-2016-000066 // CNNVD: CNNVD-201605-546 // NVD: CVE-2016-1211

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1211
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2016-000066
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-03406
value: LOW

Trust: 0.6

CNNVD: CNNVD-201605-546
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2016-1211
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000066
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-03406
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-1211
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000066
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-03406 // JVNDB: JVNDB-2016-000066 // CNNVD: CNNVD-201605-546 // NVD: CVE-2016-1211

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2016-000066 // NVD: CVE-2016-1211

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-546

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201605-546

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000066

PATCH

title: Epoch Ltd. website, url: http://www.psl.ne.jp/perl/ml/index.html

Trust: 0.8

title: Patch for EpochWebMailingList cross-site scripting vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/76256

Trust: 0.6

title: Epoch Web Mailing List Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61860

Trust: 0.6

sources: CNVD: CNVD-2016-03406 // JVNDB: JVNDB-2016-000066 // CNNVD: CNNVD-201605-546

EXTERNAL IDS

db: JVN, id: JVN43076390

Trust: 3.3

db: NVD, id: CVE-2016-1211

Trust: 3.3

db: JVNDB, id: JVNDB-2016-000066

Trust: 2.4

db: CNVD, id: CNVD-2016-03406

Trust: 0.6

db: CNNVD, id: CNNVD-201605-546

Trust: 0.6

db: BID, id: 90769

Trust: 0.3

sources: CNVD: CNVD-2016-03406 // BID: 90769 // JVNDB: JVNDB-2016-000066 // CNNVD: CNNVD-201605-546 // NVD: CVE-2016-1211

REFERENCES

url:http://jvn.jp/en/jp/jvn43076390/index.html

Trust: 3.3

url:http://www.psl.ne.jp/perl/ml/index.html

Trust: 2.5

url:http://jvndb.jvn.jp/jvndb/jvndb-2016-000066

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1211

Trust: 0.8

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1211

Trust: 0.8

sources: CNVD: CNVD-2016-03406 // BID: 90769 // JVNDB: JVNDB-2016-000066 // CNNVD: CNNVD-201605-546 // NVD: CVE-2016-1211

CREDITS

Yuya Yoshida of Mitsui Bussan Secure Directions, Inc.

Trust: 0.3

sources: BID: 90769

SOURCES

db: CNVD, id: CNVD-2016-03406
db: BID, id: 90769
db: JVNDB, id: JVNDB-2016-000066
db: CNNVD, id: CNNVD-201605-546
db: NVD, id: CVE-2016-1211

LAST UPDATE DATE

2025-04-13T23:22:21.133000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-03406, date: 2016-05-23T00:00:00
db: BID, id: 90769, date: 2016-05-19T00:00:00
db: JVNDB, id: JVNDB-2016-000066, date: 2016-06-08T00:00:00
db: CNNVD, id: CNNVD-201605-546, date: 2016-06-06T00:00:00
db: NVD, id: CVE-2016-1211, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-03406, date: 2016-05-23T00:00:00
db: BID, id: 90769, date: 2016-05-19T00:00:00
db: JVNDB, id: JVNDB-2016-000066, date: 2016-05-19T00:00:00
db: CNNVD, id: CNNVD-201605-546, date: 2016-05-20T00:00:00
db: NVD, id: CVE-2016-1211, date: 2016-06-04T14:59:00.127