CVE-2017-16356 - Vulnerability Details - OpenCVE

Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kubik-rubik	Simple Image Gallery Extended

Configuration 1 [-]

cpe:2.3:a:kubik-rubik:simple_image_gallery_extended:*:*:*:*:*:joomla\!:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/146422/Joomla-Kubik-Rubik-SIGE-3.2.3-Cross-Site-Scripting.html
https://www.exploit-db.com/exploits/44104/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-20T15:00:00

Updated: 2024-08-05T20:20:05.636Z

Reserved: 2017-11-01T00:00:00

Link: CVE-2017-16356

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-02-20T15:29:00.303

Modified: 2024-11-21T03:16:19.263

Link: CVE-2017-16356

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-16T00:00:00", "descriptions": [{"lang": "en", "value": "Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-20T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "44104", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44104/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/146422/Joomla-Kubik-Rubik-SIGE-3.2.3-Cross-Site-Scripting.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2017-16356", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "44104", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44104/"}, {"name": "http://packetstormsecurity.com/files/146422/Joomla-Kubik-Rubik-SIGE-3.2.3-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/146422/Joomla-Kubik-Rubik-SIGE-3.2.3-Cross-Site-Scripting.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:20:05.636Z"}, "title": "CVE Program Container", "references": [{"name": "44104", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/44104/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/146422/Joomla-Kubik-Rubik-SIGE-3.2.3-Cross-Site-Scripting.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-16356", "datePublished": "2018-02-20T15:00:00", "dateReserved": "2017-11-01T00:00:00", "dateUpdated": "2024-08-05T20:20:05.636Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubik-rubik:simple_image_gallery_extended:*:*:*:*:*:joomla\\!:*:*", "matchCriteriaId": "715A8B44-6503-4054-9C2D-F2951CAAFBCB", "versionEndExcluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter."}, {"lang": "es", "value": "Cross-Site Scripting (XSS) reflejado en Kubik-Rubik SIGE (Simple Image Gallery Extended), en versiones anteriores a la 3.3.0, permite que atacantes ejecuten JavaScript en el navegador de la v\u00edctima haciendo que visite un enlace plugins/content/sige/plugin_sige/print.php con un par\u00e1metro img, name o caption manipulado."}], "id": "CVE-2017-16356", "lastModified": "2024-11-21T03:16:19.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2018-02-20T15:29:00.303", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/146422/Joomla-Kubik-Rubik-SIGE-3.2.3-Cross-Site-Scripting.html"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44104/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/146422/Joomla-Kubik-Rubik-SIGE-3.2.3-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44104/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}