NVD

Id
86470  
Name
CVE-2017-7296  
Description
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-06-12  
Published
2017-05-27  
Modified Date
2017-06-06  
Seq
2017-7296  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
419748 86470 CVE-2017-7878 https://github.com/flatCore/flatCore-CMS/issues/29  View
419749 86470 CVE-2017-7878 https://github.com/flatCore/flatCore-CMS/issues/29  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
68186 JVNDB-2017-004443 Contiki Operating System におけるクロスサイトスクリプティングの脆弱性 Contiki Operating System には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2017-7296 0 CVE-2017-7296 86470 4.3 6.1 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-004443.html 2017-05-28 2017-06-26 View