ID

VAR-201911-0624


CVE

CVE-2019-18664


TITLE

SECUDOS DOMOS Log Module Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-40088 // CNNVD: CNNVD-201911-039

DESCRIPTION

The Log module in SECUDOS DOMOS before 5.6 allows XSS. SECUDOS DOMOS contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. SECUDOS DOMOS is a set of operating systems for Internet of Things equipment from the German company SECUDOS. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client-side code.

Trust: 2.7

sources: NVD: CVE-2019-18664 // JVNDB: JVNDB-2019-011398 // CNVD: CNVD-2019-40088 // CNNVD: CNNVD-201911-039

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-40088

AFFECTED PRODUCTS

vendor: secudos, model: domos, scope: lt, version: 5.6

Trust: 2.4

sources: CNVD: CNVD-2019-40088 // JVNDB: JVNDB-2019-011398 // NVD: CVE-2019-18664

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18664
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18664
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-40088
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-039
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-18664
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-40088
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18664
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-18664
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-40088 // JVNDB: JVNDB-2019-011398 // CNNVD: CNNVD-201911-039 // NVD: CVE-2019-18664

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-011398 // NVD: CVE-2019-18664

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-039

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201911-039

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011398

PATCH

title: DOMOS Release 5.6, url: https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6

Trust: 0.8

title: Patch for SECUDOS DOMOS Log Module Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/189585

Trust: 0.6

title: SECUDOS DOMOS Log Fixes for module cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101562

Trust: 0.6

sources: CNVD: CNVD-2019-40088 // JVNDB: JVNDB-2019-011398 // CNNVD: CNNVD-201911-039

EXTERNAL IDS

db: NVD, id: CVE-2019-18664

Trust: 3.0

db: JVNDB, id: JVNDB-2019-011398

Trust: 0.8

db: CNVD, id: CNVD-2019-40088

Trust: 0.6

db: CNNVD, id: CNNVD-201911-039

Trust: 0.6

sources: CNVD: CNVD-2019-40088 // JVNDB: JVNDB-2019-011398 // CNNVD: CNNVD-201911-039 // NVD: CVE-2019-18664

REFERENCES

url: https://atomic111.github.io/article/secudos-domos-reflected-xss

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2019-18664

Trust: 2.0

url: https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18664

Trust: 0.8

sources: CNVD: CNVD-2019-40088 // JVNDB: JVNDB-2019-011398 // CNNVD: CNNVD-201911-039 // NVD: CVE-2019-18664

SOURCES

db: CNVD, id: CNVD-2019-40088
db: JVNDB, id: JVNDB-2019-011398
db: CNNVD, id: CNNVD-201911-039
db: NVD, id: CVE-2019-18664

LAST UPDATE DATE

2024-11-23T22:37:36.408000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-40088, date: 2019-11-12T00:00:00
db: JVNDB, id: JVNDB-2019-011398, date: 2019-11-07T00:00:00
db: CNNVD, id: CNNVD-201911-039, date: 2019-11-05T00:00:00
db: NVD, id: CVE-2019-18664, date: 2024-11-21T04:33:29.120

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-40088, date: 2019-11-12T00:00:00
db: JVNDB, id: JVNDB-2019-011398, date: 2019-11-07T00:00:00
db: CNNVD, id: CNNVD-201911-039, date: 2019-11-02T00:00:00
db: NVD, id: CVE-2019-18664, date: 2019-11-02T15:15:10.757