ID

VAR-201905-0767


CVE

CVE-2018-15530


TITLE

Xerox ColorQube 8580 vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-015416

DESCRIPTION

Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code. Xerox ColorQube 8580 contains a cross-site scripting vulnerability. Information may be obtained and falsified. Xerox ColorQube 8580 is a multi-function printer produced by Xerox in the United States. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code.

Trust: 1.71

sources: NVD: CVE-2018-15530 // JVNDB: JVNDB-2018-015416 // VULHUB: VHN-125799

AFFECTED PRODUCTS

vendor: xerox, model: colorqube 8580, scope: eq, version: -

Trust: 1.0

vendor: xerox, model: colorqube 8580, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-015416 // NVD: CVE-2018-15530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15530
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15530
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-293
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125799
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15530
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125799
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15530
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125799 // JVNDB: JVNDB-2018-015416 // CNNVD: CNNVD-201905-293 // NVD: CVE-2018-15530

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-125799 // JVNDB: JVNDB-2018-015416 // NVD: CVE-2018-15530

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-293

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201905-293

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015416

PATCH

title: ColorQube 8580, url: https://www.office.xerox.com/en-us/printers/colorqube-8580

Trust: 0.8

sources: JVNDB: JVNDB-2018-015416

EXTERNAL IDS

db: NVD, id: CVE-2018-15530

Trust: 2.5

db: JVNDB, id: JVNDB-2018-015416

Trust: 0.8

db: CNNVD, id: CNNVD-201905-293

Trust: 0.7

db: VULHUB, id: VHN-125799

Trust: 0.1

sources: VULHUB: VHN-125799 // JVNDB: JVNDB-2018-015416 // CNNVD: CNNVD-201905-293 // NVD: CVE-2018-15530

REFERENCES

url: https://ysec.ch/?p=94

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2018-15530

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15530

Trust: 0.8

sources: VULHUB: VHN-125799 // JVNDB: JVNDB-2018-015416 // CNNVD: CNNVD-201905-293 // NVD: CVE-2018-15530

SOURCES

db: VULHUB, id: VHN-125799
db: JVNDB, id: JVNDB-2018-015416
db: CNNVD, id: CNNVD-201905-293
db: NVD, id: CVE-2018-15530

LAST UPDATE DATE

2024-11-23T22:41:30.217000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125799, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2018-015416, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-293, date: 2019-05-22T00:00:00
db: NVD, id: CVE-2018-15530, date: 2024-11-21T03:51:00.587

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125799, date: 2019-05-13T00:00:00
db: JVNDB, id: JVNDB-2018-015416, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-293, date: 2019-05-13T00:00:00
db: NVD, id: CVE-2018-15530, date: 2019-05-13T13:29:01.277