Details of VAR-202301-0108

ID

VAR-202301-0108

CVE

CVE-2015-10010

TITLE

OpenDNS OpenResolve Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-008666

DESCRIPTION

A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The name of the patch is c680170d5583cd9342fe1af43001fe8b2b8004dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217196. OpenDNS OpenResolve Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

Trust: 1.8

sources: NVD: CVE-2015-10010 // JVNDB: JVNDB-2015-008666 // VULHUB: VHN-450419 // VULMON: CVE-2015-10010

AFFECTED PRODUCTS

vendor:	cisco	model:	openresolve	scope:	lt	version:	2015-08-03	Trust: 1.0
vendor:	シスコシステムズ	model:	openresolve	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	openresolve	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2015-008666 // NVD: CVE-2015-10010

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2015-10010
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2015-10010
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2015-008666
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202301-081
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2015-10010
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2015-008666
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

cna@vuldb.com:	CVE-2015-10010
baseSeverity:	LOW
baseScore:	3.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2015-10010
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	JVNDB-2015-008666
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2015-008666 // CNNVD: CNNVD-202301-081 // NVD: CVE-2015-10010 // NVD: CVE-2015-10010

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [ others ]	Trust: 0.8

sources: VULHUB: VHN-450419 // JVNDB: JVNDB-2015-008666 // NVD: CVE-2015-10010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-081

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202301-081

PATCH

title:	Prevent Reflected XSS	url:	https://github.com/opendns/OpenResolve/commit/c680170d5583cd9342fe1af43001fe8b2b8004dd	Trust: 0.8
title:	OpenDNS OpenResolve Fixes for cross-site scripting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=220593	Trust: 0.6

sources: JVNDB: JVNDB-2015-008666 // CNNVD: CNNVD-202301-081

EXTERNAL IDS

db:	NVD	id:	CVE-2015-10010	Trust: 3.4
db:	VULDB	id:	217196	Trust: 2.6
db:	JVNDB	id:	JVNDB-2015-008666	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-081	Trust: 0.6
db:	VULHUB	id:	VHN-450419	Trust: 0.1
db:	VULMON	id:	CVE-2015-10010	Trust: 0.1

sources: VULHUB: VHN-450419 // VULMON: CVE-2015-10010 // JVNDB: JVNDB-2015-008666 // CNNVD: CNNVD-202301-081 // NVD: CVE-2015-10010

REFERENCES

url:	https://vuldb.com/?id.217196	Trust: 2.6
url:	https://github.com/opendns/openresolve/commit/c680170d5583cd9342fe1af43001fe8b2b8004dd	Trust: 1.8
url:	https://vuldb.com/?ctiid.217196	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-10010	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2015-10010/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-450419 // VULMON: CVE-2015-10010 // JVNDB: JVNDB-2015-008666 // CNNVD: CNNVD-202301-081 // NVD: CVE-2015-10010

SOURCES

db:	VULHUB	id:	VHN-450419
db:	VULMON	id:	CVE-2015-10010
db:	JVNDB	id:	JVNDB-2015-008666
db:	CNNVD	id:	CNNVD-202301-081
db:	NVD	id:	CVE-2015-10010

LAST UPDATE DATE

2024-08-14T14:30:48.334000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-450419	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2015-10010	date:	2023-01-03T00:00:00
db:	JVNDB	id:	JVNDB-2015-008666	date:	2023-03-17T03:05:00
db:	CNNVD	id:	CNNVD-202301-081	date:	2023-01-10T00:00:00
db:	NVD	id:	CVE-2015-10010	date:	2024-05-17T01:02:57.463

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-450419	date:	2023-01-02T00:00:00
db:	VULMON	id:	CVE-2015-10010	date:	2023-01-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-008666	date:	2023-03-17T00:00:00
db:	CNNVD	id:	CNNVD-202301-081	date:	2023-01-02T00:00:00
db:	NVD	id:	CVE-2015-10010	date:	2023-01-02T21:15:10.207