ID

VAR-200604-0404


CVE

CVE-2006-1574


TITLE

Hitachi Groupmax Desktop for Scheduler World Wide Web Unknown Cross-Site Scripting Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2006-1972

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Trust: 1.71

sources: NVD: CVE-2006-1574 // CNVD: CNVD-2006-1972 // BID: 17337

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-1972

AFFECTED PRODUCTS

vendor: hitachi // model: groupmax world wide web desktop scheduler // scope: eq // version: 5

Trust: 1.6

vendor: hitachi // model: groupmax world wide web desktop // scope: eq // version: 5

Trust: 1.6

vendor: hitachi // model: groupmax world wide web scheduler // scope: eq // version: 3

Trust: 1.6

vendor: hitachi // model: groupmax world wide web // scope: eq // version: 2

Trust: 1.6

vendor: hitachi // model: groupmax world wide web desktop // scope: eq // version: 6

Trust: 1.6

vendor: hitachi // model: groupmax world wide web // scope: eq // version: 3

Trust: 1.6

vendor: hitachi // model: groupmax world wide web scheduler // scope: eq // version: 2

Trust: 1.6

vendor: hitachi // model: groupmax world wide web desktop // scope: eq // version: *

Trust: 1.0

vendor: groupmax // model: world wide web hitachi // scope: eq // version: 2

Trust: 0.6

vendor: groupmax // model: world wide web hitachi // scope: eq // version: 3

Trust: 0.6

vendor: hitachi // model: groupmax world wide web desktop // scope: - // version: -

Trust: 0.6

vendor: hitachi // model: groupmax world wide web for scheduler // scope: eq // version: 03-11

Trust: 0.3

vendor: hitachi // model: groupmax world wide web for scheduler // scope: eq // version: 03-10

Trust: 0.3

vendor: hitachi // model: groupmax world wide web for scheduler // scope: eq // version: 03-00

Trust: 0.3

vendor: hitachi // model: groupmax world wide web for scheduler 02-31-/a // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web for scheduler // scope: eq // version: 02-20

Trust: 0.3

vendor: hitachi // model: groupmax world wide web for scheduler // scope: eq // version: 02-10

Trust: 0.3

vendor: hitachi // model: groupmax world wide web for scheduler // scope: eq // version: 02-00

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop for scheduler 05-11-/a // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop for scheduler // scope: eq // version: 05-11

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop for scheduler // scope: eq // version: 05-00

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop for jichitai 06-52-/a // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop for jichitai // scope: eq // version: 06-52

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop for jichitai // scope: eq // version: 06-51

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop 06-52-/e // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop 06-52-/c // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop 06-52-/b // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop // scope: eq // version: 06-52

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop 06-51-/c // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop 06-51-/b // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop // scope: eq // version: 06-51

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop 06-50-/c // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop 06-50-/b // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop // scope: eq // version: 06-00

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop 05-11-/j // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop 05-11-/i // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop 05-11-/f // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop // scope: eq // version: 05-00

Trust: 0.3

vendor: hitachi // model: groupmax world wide web 03-11-/b // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web 03-10-/h // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web // scope: eq // version: 03-00

Trust: 0.3

vendor: hitachi // model: groupmax world wide web 02-31-/i // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web 02-31-/e // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web 02-20-/a // scope: - // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web // scope: eq // version: 02-20

Trust: 0.3

vendor: hitachi // model: groupmax world wide web // scope: eq // version: 02-10

Trust: 0.3

vendor: hitachi // model: groupmax world wide web // scope: eq // version: 02-00

Trust: 0.3

vendor: hitachi // model: groupmax world wide web desktop 06-52-/f // scope: ne // version: -

Trust: 0.3

vendor: hitachi // model: groupmax world wide web 06-52-/f // scope: ne // version: -

Trust: 0.3

sources: CNVD: CNVD-2006-1972 // BID: 17337 // CNNVD: CNNVD-200603-521 // NVD: CVE-2006-1574

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-1574
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2006-1972
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-200603-521
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2006-1574
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-1972
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-1972 // CNNVD: CNNVD-200603-521 // NVD: CVE-2006-1574

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1574

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200603-521

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200603-521

EXTERNAL IDS

db: BID // id: 17337

Trust: 2.5

db: NVD // id: CVE-2006-1574

Trust: 2.2

db: HITACHI // id: HS06-005

Trust: 1.9

db: VUPEN // id: ADV-2006-1180

Trust: 1.6

db: SECUNIA // id: 19483

Trust: 1.6

db: OSVDB // id: 24295

Trust: 1.6

db: CNVD // id: CNVD-2006-1972

Trust: 0.6

db: XF // id: 25574

Trust: 0.6

db: CNNVD // id: CNNVD-200603-521

Trust: 0.6

sources: CNVD: CNVD-2006-1972 // BID: 17337 // CNNVD: CNNVD-200603-521 // NVD: CVE-2006-1574

REFERENCES

url:http://www.securityfocus.com/bid/17337

Trust: 2.2

url:http://www.hitachi-support.com/security_e/vuls_e/hs06-005_e/index-e.html

Trust: 1.9

url:http://secunia.com/advisories/19483

Trust: 1.6

url:http://www.osvdb.org/24295

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/25574

Trust: 1.0

url:http://www.vupen.com/english/advisories/2006/1180

Trust: 1.0

url:http://www.frsirt.com/english/advisories/2006/1180

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/25574

Trust: 0.6

url:http://www.hitachi.co.jp/prod/comp/soft1/global/prod/groupmax/index.html

Trust: 0.3

sources: CNVD: CNVD-2006-1972 // BID: 17337 // CNNVD: CNNVD-200603-521 // NVD: CVE-2006-1574

CREDITS

The vendor disclosed this issue.

Trust: 0.9

sources: BID: 17337 // CNNVD: CNNVD-200603-521

SOURCES

db: CNVD // id: CNVD-2006-1972
db: BID // id: 17337
db: CNNVD // id: CNNVD-200603-521
db: NVD // id: CVE-2006-1574

LAST UPDATE DATE

2024-11-23T22:50:27.770000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2006-1972 // date: 2006-03-31T00:00:00
db: BID // id: 17337 // date: 2006-04-03T17:58:00
db: CNNVD // id: CNNVD-200603-521 // date: 2006-04-03T00:00:00
db: NVD // id: CVE-2006-1574 // date: 2024-11-21T00:09:12.953

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2006-1972 // date: 2006-03-31T00:00:00
db: BID // id: 17337 // date: 2006-03-31T00:00:00
db: CNNVD // id: CNNVD-200603-521 // date: 2006-03-31T00:00:00
db: NVD // id: CVE-2006-1574 // date: 2006-04-01T00:04:00