← Back

CVE-2018-0614

nvd nist
Published: Jul 26, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (8)

Necplatforms
8 products
Calsos Csdx Firmware
Calsos Csdx(p) Firmware
Calsos Csdx(s) Firmware
Calsos Csdx(d) Firmware
Calsos Csdj B Firmware
Calsos Csdj D Firmware
Calsos Csdj H Firmware
Calsos Csdj A Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Calsos Csdx Firmware
Up to 1.37210411
Running on/withPlatform Versions
Necplatforms
Calsos Csdx
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Calsos Csdx(p) Firmware
Up to 4.37210411
Running on/withPlatform Versions
Necplatforms
Calsos Csdx(p)
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Calsos Csdx(s) Firmware
Up to 2.37210411
Running on/withPlatform Versions
Necplatforms
Calsos Csdx(s)
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Calsos Csdx(d) Firmware
Up to 3.37210411
Running on/withPlatform Versions
Necplatforms
Calsos Csdx(d)
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Calsos Csdj B Firmware
Up to 01.03.00
Running on/withPlatform Versions
Necplatforms
Calsos Csdj B
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Calsos Csdj D Firmware
Up to 01.03.00
Running on/withPlatform Versions
Necplatforms
Calsos Csdj D
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Calsos Csdj H Firmware
Up to 01.03.00
Running on/withPlatform Versions
Necplatforms
Calsos Csdj H
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Calsos Csdj A Firmware
Up to 03.00.00
Running on/withPlatform Versions
Necplatforms
Calsos Csdj A
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: vultures@jpcert.or.jp
Third Party Advisory
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.