CVE-2016-15022

Summary

A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.7.19 is able to address this issue. The patch is named 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.

Affected Software

VendorProductVersion RangeStatus
mosbthcimage0.7.0affected
mosbthcimage0.7.1affected
mosbthcimage0.7.2affected
mosbthcimage0.7.3affected
mosbthcimage0.7.4affected
mosbthcimage0.7.5affected
mosbthcimage0.7.6affected
mosbthcimage0.7.7affected
mosbthcimage0.7.8affected
mosbthcimage0.7.9affected
mosbthcimage0.7.10affected
mosbthcimage0.7.11affected
mosbthcimage0.7.12affected
mosbthcimage0.7.13affected
mosbthcimage0.7.14affected
mosbthcimage0.7.15affected
mosbthcimage0.7.16affected
mosbthcimage0.7.17affected
mosbthcimage0.7.18affected

Weaknesses

  • CWE-79: CWE-79 Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References