CVE-2016-1609

Published on: 07/31/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:05 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Certain versions of Filr from Novell contain the following vulnerability:

Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.

  • CVE-2016-1609 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.4 - MEDIUM

Attack Vector | Attack Complexity | Privileges Required | User Interaction
NETWORK | LOW | LOW | REQUIRED

Scope | Confidentiality Impact | Integrity Impact | Availability Impact
CHANGED | LOW | LOW | NONE

CVSS2 Score: 3.5 - LOW

Access Vector | Access Complexity | Authentication
NETWORK | MEDIUM | SINGLE

Confidentiality Impact | Integrity Impact | Availability Impact
NONE | PARTIAL | NONE

CVE References

  • Downloads - Filr 2.0 - Security Update 2 (download.novell.com). Tags: Product. Link: CONFIRM download.novell.com/Download?buildid=3V-3ArYN85I~
  • Downloads - Filr 1.2 - Security Update 3 (download.novell.com). Tags: Product. Link: CONFIRM download.novell.com/Download?buildid=BOTiHcBFfv0~
  • Bugtraq: SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr (seclists.org). Tags: Third Party Advisory. Link: BUGTRAQ 20160725 SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr
  • Support | Persistent XSS in Filr User Profile (CVE-2016-1609) (www.novell.com). Tags: Patch, Vendor Advisory. Link: CONFIRM www.novell.com/support/kb/doc.php?id=7017787
  • Novell Filr Multiple Security Vulnerabilities (cve.report (archive)). Link: BID 92113
  • Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 - Multiple Vulnerabilities (www.exploit-db.com). Tags: Proof of Concept. Link: EXPLOIT-DB 40161

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Novell | Filr | All | security_update_2 | All | All
Application | Novell | Filr | All | security_update_1 | All | All
  • cpe:2.3:a:novell:filr:*:security_update_2:*:*:*:*:*:*:
  • cpe:2.3:a:novell:filr:*:security_update_1:*:*:*:*:*:*: