CVE-2017-9813

MEDIUM

Kaspersky Anti-Virus for Linux File Server <8.0.4.312 - XSS

Title source: llm

Description

In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappslinux

https://www.exploit-db.com/exploits/42269

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/143190/Kaspersky-Anti-Virus-File-Server-8.0.3.297-XSS-CSRF-Code-Execution.html

[Exploit, Mailing List, Third Party Advisory, VDB Entry] http://seclists.org/fulldisclosure/2017/Jun/33

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99330

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038798

[Exploit, Third Party Advisory] https://www.coresecurity.com/advisories/kaspersky-anti-virus-file-server-multiple-vulnerabilities

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42269/

Scores

CVSS v3 6.1

EPSS 0.0367

EPSS Percentile 87.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (1)

kaspersky/anti-virus_for_linux_server < 8.0.3.297

Timeline

Published Jul 17, 2017

Tracked Since Feb 18, 2026