ByteOS Network

NVD Vulnerability Details :

CVE-2015-10074

Modified

Source-cna@vuldb.com

Published At-07 Feb, 2023 | 10:15

Updated At-17 May, 2024 | 01:03

A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The patch is identified as 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary	3.1	3.5	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Secondary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 3.5

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Type: Secondary

Version: 2.0

Base score: 4.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:S/C:N/I:P/A:N

CPE Matches

openseamap>>online_chart>>1.2

cpe:2.3:a:openseamap:online_chart:1.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	cna@vuldb.com

CWE ID: CWE-79

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/OpenSeaMap/online_chart/commit/8649157158f921590d650e2d2f4bdf0df1017e9d	cna@vuldb.com	Patch
https://github.com/OpenSeaMap/online_chart/pull/70	cna@vuldb.com	Patch
https://github.com/OpenSeaMap/online_chart/releases/tag/staging	cna@vuldb.com	Patch
https://vuldb.com/?ctiid.220218	cna@vuldb.com	Permissions Required
https://vuldb.com/?id.220218	cna@vuldb.com	Third Party Advisory