- Description
- Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from / to internet."
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dflabs:ptk:1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBFB91D9-2A63-4693-B945-6657CBB3C8CB"
},
{
"criteria": "cpe:2.3:a:dflabs:ptk:1.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7788956-AF55-4AE2-AD75-1E862ED0DF34"
},
{
"criteria": "cpe:2.3:a:dflabs:ptk:1.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F021F40-6D3C-4577-B0F6-1D53A5836CDB"
},
{
"criteria": "cpe:2.3:a:dflabs:ptk:1.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C34A4D7-A2DC-4FFC-8F31-A5EB9B297C91"
},
{
"criteria": "cpe:2.3:a:dflabs:ptk:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DD0A3FF-7218-4CE9-9F0E-A68D1B3D7A07"
}
],
"operator": "OR"
}
]
}
]