CVE-2017-17832 - OpenCVE

ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Serverscheck	Monitoring Software

Configuration 1 [-]

cpe:2.3:a:serverscheck:monitoring_software:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/145517/ServersCheck-Monitoring-Software-Cross-Site-Scripting.html
https://serverscheck.com/monitoring-software/release.asp

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-22T18:00:00

Updated: 2024-08-05T21:06:48.298Z

Reserved: 2017-12-21T00:00:00

Link: CVE-2017-17832

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-12-27T17:08:19.577

Modified: 2018-01-17T16:27:28.040

Link: CVE-2017-17832

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-22T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/145517/ServersCheck-Monitoring-Software-Cross-Site-Scripting.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://serverscheck.com/monitoring-software/release.asp"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17832", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/145517/ServersCheck-Monitoring-Software-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/145517/ServersCheck-Monitoring-Software-Cross-Site-Scripting.html"}, {"name": "https://serverscheck.com/monitoring-software/release.asp", "refsource": "CONFIRM", "url": "https://serverscheck.com/monitoring-software/release.asp"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:06:48.298Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/145517/ServersCheck-Monitoring-Software-Cross-Site-Scripting.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://serverscheck.com/monitoring-software/release.asp"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17832", "datePublished": "2017-12-22T18:00:00", "dateReserved": "2017-12-21T00:00:00", "dateUpdated": "2024-08-05T21:06:48.298Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:serverscheck:monitoring_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DDD05F4-3119-4075-9D70-3A64A8AD92A9", "versionEndExcluding": "14.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page)."}, {"lang": "es", "value": "ServersCheck Monitoring Software en versiones anteriores a la 14.2.3 es propenso a vulnerabilidades de tipo Cross-Site Scripting (XSS) debido a que los datos proporcionados por el usuario no se validan o sanean cuando se pasan en el par\u00e1metro settings_SMS_ALERT_TYPE y se puede ejecutar JavaScript en settings-save.html (la p\u00e1gina Settings - SMS Alerts)."}], "id": "CVE-2017-17832", "lastModified": "2018-01-17T16:27:28.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-27T17:08:19.577", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/145517/ServersCheck-Monitoring-Software-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory", "Release Notes"], "url": "https://serverscheck.com/monitoring-software/release.asp"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}