CVE-2016-10245

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00000.html

http://www.securityfocus.com/bid/108476

http://www.stack.nl/~dimitri/doxygen/manual/changelog.html#log_1_8_12

https://bugzilla.gnome.org/show_bug.cgi?id=762934

https://github.com/doxygen/doxygen/commit/1cc1adad2de03a0f013881b8960daf89aa155081

https://lists.debian.org/debian-lts-announce/2019/05/msg00046.html

https://usn.ubuntu.com/4002-1/

Details

Source: MITRE

Published: 2019-05-24

Updated: 2019-06-03

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:doxygen:doxygen:*:*:*:*:*:*:*:*

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
149130EulerOS 2.0 SP3 : doxygen (EulerOS-SA-2021-1776)NessusHuawei Local Security Checks
medium
146734EulerOS 2.0 SP2 : doxygen (EulerOS-SA-2021-1289)NessusHuawei Local Security Checks
medium
146152EulerOS 2.0 SP5 : doxygen (EulerOS-SA-2021-1186)NessusHuawei Local Security Checks
medium
143898NewStart CGSL CORE 5.05 / MAIN 5.05 : doxygen Vulnerability (NS-SA-2020-0107)NessusNewStart CGSL Local Security Checks
medium
143888NewStart CGSL CORE 5.04 / MAIN 5.04 : doxygen Vulnerability (NS-SA-2020-0073)NessusNewStart CGSL Local Security Checks
medium
141957Amazon Linux 2 : doxygen (ALAS-2020-1508)NessusAmazon Linux Local Security Checks
medium
139092Amazon Linux AMI : doxygen (ALAS-2020-1412)NessusAmazon Linux Local Security Checks
medium
135806Scientific Linux Security Update : doxygen on SL7.x x86_64 (20200407)NessusScientific Linux Local Security Checks
medium
135320CentOS 7 : doxygen (CESA-2020:1034)NessusCentOS Local Security Checks
medium
135075RHEL 7 : doxygen (RHSA-2020:1034)NessusRed Hat Local Security Checks
medium
126062SUSE SLED12 Security Update : doxygen (SUSE-SU-2019:1570-1)NessusSuSE Local Security Checks
medium
125704Ubuntu 16.04 LTS : doxygen vulnerability (USN-4002-1)NessusUbuntu Local Security Checks
medium
125671openSUSE Security Update : doxygen (openSUSE-2019-1486)NessusSuSE Local Security Checks
medium
125644Debian DLA-1812-1 : doxygen security updateNessusDebian Local Security Checks
medium