CVE-2017-2172
Published Jul 7, 2017
Last updated 7 years ago
Overview
- Description
- Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:kunai:3.0.0:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "3AF2CE5A-5E23-4BC7-845B-A5AB1AA851D8"
},
{
"criteria": "cpe:2.3:a:cybozu:kunai:3.0.1:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "95703DE0-59AE-4DD7-9F4D-01AAB7394CB2"
},
{
"criteria": "cpe:2.3:a:cybozu:kunai:3.0.2:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "259B2682-0893-4100-8E44-096AAA42178E"
},
{
"criteria": "cpe:2.3:a:cybozu:kunai:3.0.3:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "0279559D-E349-4A29-85E2-CEB8DB291E1E"
},
{
"criteria": "cpe:2.3:a:cybozu:kunai:3.0.4:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "A568C416-2533-4EC6-B1F6-CB099EAC0AB1"
},
{
"criteria": "cpe:2.3:a:cybozu:kunai:3.0.5:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "231CA1DB-E4EA-47CE-B8DF-ACA4C54824BE"
},
{
"criteria": "cpe:2.3:a:cybozu:kunai:3.0.5.1:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "50B00EED-5292-4834-B823-23CF3AC0854D"
},
{
"criteria": "cpe:2.3:a:cybozu:kunai:3.0.6:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "307BB9E0-4DFC-4791-A40A-C97096566397"
}
],
"operator": "OR"
}
]
}
]