cvelist/2016/2xxx/CVE-2016-2058.json

{
    "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-2058",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "n/a",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "n/a"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the \"detailed status\" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the \"status\" page."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",
                "refsource": "BUGTRAQ",
                "url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"
            },
            {
                "name": "https://sourceforge.net/p/xymon/code/7892/",
                "refsource": "CONFIRM",
                "url": "https://sourceforge.net/p/xymon/code/7892/"
            },
            {
                "name": "DSA-3495",
                "refsource": "DEBIAN",
                "url": "http://www.debian.org/security/2016/dsa-3495"
            },
            {
                "name": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html",
                "refsource": "MISC",
                "url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"
            }
        ]
    }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
"-Synchronized-Data." 2019-03-18 03:01:02 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "cve@mitre.org",`
			`"ID": "CVE-2016-2058",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "n/a",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "n/a"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
"-Synchronized-Data." 2019-03-18 03:01:02 +00:00			`"lang": "eng",`
			`"value": "Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the \"detailed status\" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the \"status\" page."`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
"-Synchronized-Data." 2019-03-18 03:01:02 +00:00			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "20160214 Xymon: Critical security issues in all versions prior to 4.3.25",`
			`"refsource": "BUGTRAQ",`
			`"url": "http://www.securityfocus.com/archive/1/537522/100/0/threaded"`
			`},`
			`{`
			`"name": "https://sourceforge.net/p/xymon/code/7892/",`
			`"refsource": "CONFIRM",`
			`"url": "https://sourceforge.net/p/xymon/code/7892/"`
			`},`
			`{`
			`"name": "DSA-3495",`
			`"refsource": "DEBIAN",`
			`"url": "http://www.debian.org/security/2016/dsa-3495"`
			`},`
			`{`
			`"name": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html",`
			`"refsource": "MISC",`
			`"url": "http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html"`
			`}`
			`]`
			`}`
			`}`