CVE-2009-0917 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from / to internet."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dflabs	Ptk

Configuration 1 [-]

OR	cpe:2.3:a:dflabs:ptk:1.0.0:::::::*
	cpe:2.3:a:dflabs:ptk:1.0.1:::::::*
	cpe:2.3:a:dflabs:ptk:1.0.2:::::::*
	cpe:2.3:a:dflabs:ptk:1.0.3:::::::*
	cpe:2.3:a:dflabs:ptk:1.0.4:::::::*

No data.

References

Link	Providers
http://ptk.dflabs.com/faq.html
http://ptk.dflabs.com/security.html
http://secunia.com/advisories/34257
http://www.kb.cert.org/vuls/id/845747
http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ
http://www.securityfocus.com/bid/34111
https://exchange.xforce.ibmcloud.com/vulnerabilities/49236

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-16T19:00:00

Updated: 2024-08-07T04:57:16.413Z

Reserved: 2009-03-16T00:00:00

Link: CVE-2009-0917

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-03-16T19:30:00.563

Modified: 2024-11-21T01:01:13.163

Link: CVE-2009-0917

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-03-13T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with \"no contact from / to internet.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://ptk.dflabs.com/security.html"}, {"name": "34257", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34257"}, {"name": "VU#845747", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/845747"}, {"name": "34111", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34111"}, {"name": "ptk-unspecified-xss(49236)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"}, {"tags": ["x_refsource_MISC"], "url": "http://ptk.dflabs.com/faq.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0917", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with \"no contact from / to internet.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ptk.dflabs.com/security.html", "refsource": "MISC", "url": "http://ptk.dflabs.com/security.html"}, {"name": "34257", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34257"}, {"name": "VU#845747", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/845747"}, {"name": "34111", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34111"}, {"name": "ptk-unspecified-xss(49236)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"}, {"name": "http://ptk.dflabs.com/faq.html", "refsource": "MISC", "url": "http://ptk.dflabs.com/faq.html"}, {"name": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ", "refsource": "MISC", "url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:57:16.413Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ptk.dflabs.com/security.html"}, {"name": "34257", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34257"}, {"name": "VU#845747", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/845747"}, {"name": "34111", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34111"}, {"name": "ptk-unspecified-xss(49236)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ptk.dflabs.com/faq.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0917", "datePublished": "2009-03-16T19:00:00", "dateReserved": "2009-03-16T00:00:00", "dateUpdated": "2024-08-07T04:57:16.413Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dflabs:ptk:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBFB91D9-2A63-4693-B945-6657CBB3C8CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:dflabs:ptk:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7788956-AF55-4AE2-AD75-1E862ED0DF34", "vulnerable": true}, {"criteria": "cpe:2.3:a:dflabs:ptk:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3F021F40-6D3C-4577-B0F6-1D53A5836CDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:dflabs:ptk:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5C34A4D7-A2DC-4FFC-8F31-A5EB9B297C91", "vulnerable": true}, {"criteria": "cpe:2.3:a:dflabs:ptk:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7DD0A3FF-7218-4CE9-9F0E-A68D1B3D7A07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with \"no contact from / to internet.\""}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en DFLabs PTK v1.0.0 hasta v1.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n al proporcionar una imagen forense que contenga documentos HTML, que son visualizados en un navegador web durante la inspecci\u00f3n por PTK. NOTA: el vendedor expone que el producto est\u00e1 previsto para su uso en un laboratorio \"sin contacto desde/hacia Internet\"."}], "id": "CVE-2009-0917", "lastModified": "2024-11-21T01:01:13.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-03-16T19:30:00.563", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://ptk.dflabs.com/faq.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://ptk.dflabs.com/security.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34257"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/845747"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34111"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://ptk.dflabs.com/faq.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://ptk.dflabs.com/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34257"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/845747"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34111"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49236"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}