fkie_nvd - fkie_cve-2017-2172

fkie_cve-2017-2172

Vulnerability from fkie_nvd

Published

2017-07-07 13:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN56588965/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://support.cybozu.com/ja-jp/article/9909	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN56588965/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.cybozu.com/ja-jp/article/9909	Vendor Advisory

Impacted products

Vendor	Product	Version
cybozu	kunai	3.0.0
cybozu	kunai	3.0.1
cybozu	kunai	3.0.2
cybozu	kunai	3.0.3
cybozu	kunai	3.0.4
cybozu	kunai	3.0.5
cybozu	kunai	3.0.5.1
cybozu	kunai	3.0.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.0:*:*:*:*:android:*:*",
              "matchCriteriaId": "3AF2CE5A-5E23-4BC7-845B-A5AB1AA851D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.1:*:*:*:*:android:*:*",
              "matchCriteriaId": "95703DE0-59AE-4DD7-9F4D-01AAB7394CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.2:*:*:*:*:android:*:*",
              "matchCriteriaId": "259B2682-0893-4100-8E44-096AAA42178E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.3:*:*:*:*:android:*:*",
              "matchCriteriaId": "0279559D-E349-4A29-85E2-CEB8DB291E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.4:*:*:*:*:android:*:*",
              "matchCriteriaId": "A568C416-2533-4EC6-B1F6-CB099EAC0AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5:*:*:*:*:android:*:*",
              "matchCriteriaId": "231CA1DB-E4EA-47CE-B8DF-ACA4C54824BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5.1:*:*:*:*:android:*:*",
              "matchCriteriaId": "50B00EED-5292-4834-B823-23CF3AC0854D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.6:*:*:*:*:android:*:*",
              "matchCriteriaId": "307BB9E0-4DFC-4791-A40A-C97096566397",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross-site scripting  en Cybozu KUNAI para Android versi\u00f3n 3.0.0 hasta 3.0.6, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2017-2172",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-07T13:29:00.287",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9909"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-2172 (GCVE-0-2017-2172)

Vulnerability from cvelistv5

Published

2017-07-07 13:00