Cross-Site Scripting in Ericsson Drutt Mobile Service Delivery Platform
CVE-2015-2165

Currently unrated

Key Information:

Vendor: Ericsson
Status: Drutt Mobile Service Delivery Platform
Vendor: CVE Published:; 6 April 2015

What is CVE-2015-2165?

Multiple cross-site scripting (XSS) vulnerabilities exist within the Report Viewer component of the Ericsson Drutt Mobile Service Delivery Platform (MSDP) across versions 4.x, 5.x, and 6.x. These vulnerabilities facilitate remote attackers to inject arbitrary web scripts or HTML by exploiting various parameters across multiple JSP pages. This allows for the potential compromise of user data or session hijacking, highlighting the need for immediate security measures to mitigate such risks.

References

http://www.securityfocus.com/bid/73933

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/131232/Ericsson-Drut...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2015
Vulnerability Reserved
Mar 1, 2015