Vulnerability-Lookup

CVE-2017-16015 (GCVE-0-2017-16015)

Vulnerability from cvelistv5 – Published: 2018-06-04 19:00 – Updated: 2024-09-16 22:56

Summary

Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting

Severity ?

No CVSS data available.

CWE

CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)

Assigner

hackerone

References

URL

Tags

	https://github.com/caolan/forms/commit/bc01e534a0…	x_refsource_MISC
	https://nodesecurity.io/advisories/158	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	HackerOne	forms node module	Affected: <1.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:13:06.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://nodesecurity.io/advisories/158"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "forms node module",
          "vendor": "HackerOne",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c1.3.0"
            }
          ]
        }
      ],
      "datePublic": "2018-04-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-04T18:57:01.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://nodesecurity.io/advisories/158"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "DATE_PUBLIC": "2018-04-26T00:00:00",
          "ID": "CVE-2017-16015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "forms node module",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c1.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HackerOne"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d",
              "refsource": "MISC",
              "url": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d"
            },
            {
              "name": "https://nodesecurity.io/advisories/158",
              "refsource": "MISC",
              "url": "https://nodesecurity.io/advisories/158"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2017-16015",
    "datePublished": "2018-06-04T19:00:00.000Z",
    "dateReserved": "2017-10-29T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:56:32.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2017-16015

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-16015

Aliases

CVE-2017-16015

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-16015",
    "description": "Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting",
    "id": "GSD-2017-16015"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-16015"
      ],
      "details": "Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting",
      "id": "GSD-2017-16015",
      "modified": "2023-12-13T01:21:00.689431Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "DATE_PUBLIC": "2018-04-26T00:00:00",
        "ID": "CVE-2017-16015",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "forms node module",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c1.3.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "HackerOne"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d",
            "refsource": "MISC",
            "url": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d"
          },
          {
            "name": "https://nodesecurity.io/advisories/158",
            "refsource": "MISC",
            "url": "https://nodesecurity.io/advisories/158"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.3.0",
          "affected_versions": "All versions before 1.3.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2019-10-09",
          "description": "The forms package does not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to XSS.",
          "fixed_versions": [
            "1.3.0"
          ],
          "identifier": "CVE-2017-16015",
          "identifiers": [
            "CVE-2017-16015"
          ],
          "not_impacted": "All versions starting from 1.3.0",
          "package_slug": "npm/forms",
          "pubdate": "2018-06-04",
          "solution": "Upgrade to version 1.3.0 or above.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2017-16015"
          ],
          "uuid": "afd7a1bf-7c5d-4539-9401-33323b6cc82c"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:forms_project:forms:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2017-16015"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nodesecurity.io/advisories/158",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://nodesecurity.io/advisories/158"
            },
            {
              "name": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-10-09T23:24Z",
      "publishedDate": "2018-06-04T19:29Z"
    }
  }
}

FKIE_CVE-2017-16015

Vulnerability from fkie_nvd - Published: 2018-06-04 19:29 - Updated: 2024-11-21 03:15

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
support@hackerone.com	https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d	Patch
support@hackerone.com	https://nodesecurity.io/advisories/158	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d	Patch
af854a3a-2127-422b-91ae-364da2661108	https://nodesecurity.io/advisories/158	Third Party Advisory

Impacted products

	Vendor	Product	Version
	forms_project	forms	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:forms_project:forms:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "10A11156-1800-4EDD-9645-CB77601B5257",
              "versionEndExcluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting"
    },
    {
      "lang": "es",
      "value": "Forms es una biblioteca para crear formularios HTML f\u00e1cilmente. Las versiones anteriores a la 1.3.0 no contaban con un escapado HTML adecuado. Esto significa que, si la aplicaci\u00f3n no saneaba c\u00f3digo html en representaci\u00f3n de los formularios, su uso podr\u00eda ser vulnerable a Cross-Site Scripting (XSS)."
    }
  ],
  "id": "CVE-2017-16015",
  "lastModified": "2024-11-21T03:15:40.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-04T19:29:00.977",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://nodesecurity.io/advisories/158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://nodesecurity.io/advisories/158"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VWJJ-2852-3765

Vulnerability from github – Published: 2018-11-09 17:46 – Updated: 2023-09-07 18:28

Summary

Cross-Site Scripting in forms

Details

Affected versions of forms do not properly escape HTML in generated forms, which may result in cross-site scripting.

Recommendation

Update to version 1.3.0 or later.

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "forms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-16015"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-80"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:58:34Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Affected versions of `forms` do not properly escape HTML in generated forms, which may result in cross-site scripting.\n\n\n## Recommendation\n\nUpdate to version 1.3.0 or later.",
  "id": "GHSA-vwjj-2852-3765",
  "modified": "2023-09-07T18:28:05Z",
  "published": "2018-11-09T17:46:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16015"
    },
    {
      "type": "WEB",
      "url": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-vwjj-2852-3765"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross-Site Scripting in forms"
}

CNVD-2018-14355

Vulnerability from cnvd - Published: 2018-08-01

Title

Forms跨站脚本漏洞

Description

Forms是一个用于在Node.js中创建、解析和验证表单的工具。 Forms 1.3.0之前版本中存在跨站脚本漏洞，该漏洞源于程序未能正确的转义HTML。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。

Severity

中

Patch Name

Forms跨站脚本漏洞的补丁

Patch Description

Forms是一个用于在Node.js中创建、解析和验证表单的工具。 Forms 1.3.0之前版本中存在跨站脚本漏洞，该漏洞源于程序未能正确的转义HTML。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d

Reference

https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d

Impacted products

Name
Forms Forms <1.3.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-16015",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16015"
    }
  },
  "description": "Forms\u662f\u4e00\u4e2a\u7528\u4e8e\u5728Node.js\u4e2d\u521b\u5efa\u3001\u89e3\u6790\u548c\u9a8c\u8bc1\u8868\u5355\u7684\u5de5\u5177\u3002\r\n\r\nForms 1.3.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u8f6c\u4e49HTML\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-14355",
  "openTime": "2018-08-01",
  "patchDescription": "Forms\u662f\u4e00\u4e2a\u7528\u4e8e\u5728Node.js\u4e2d\u521b\u5efa\u3001\u89e3\u6790\u548c\u9a8c\u8bc1\u8868\u5355\u7684\u5de5\u5177\u3002\r\n\r\nForms 1.3.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u8f6c\u4e49HTML\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Forms\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Forms Forms  \u003c1.3.0"
  },
  "referenceLink": "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-15",
  "title": "Forms\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-16015 (GCVE-0-2017-16015)

GSD-2017-16015

FKIE_CVE-2017-16015

GHSA-VWJJ-2852-3765

Recommendation

CNVD-2018-14355

Tags

Sightings

Nomenclature