CVE-2015-3976: XSS
First published: Mon Aug 28 2017(Updated: )
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ge Multilink ML810 Firmware | =5.2.0 | |
| Ge Multilink ML810 Firmware | ||
| GE Multilink ML3000 | <=5.2.0 | |
| Netgenius Multilink | ||
| GE Multilink ML3100 Firmware | <=5.2.0 | |
| Netgenius Multilink | ||
| Ge Multilink ML800 Firmware | =4.2.1 | |
| Ge Multilink ML800 Firmware | ||
| GE Multilink ML1200 Firmware | =4.2.1 | |
| Netgenius Multilink | ||
| GE Multilink ML1600 Firmware | =4.2.1 | |
| Netgenius Multilink | ||
| GE Multilink ML2400 | =4.2.1 | |
| Netgenius Multilink |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-3976?
CVE-2015-3976 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2015-3976?
To mitigate CVE-2015-3976, update to versions of GE Multilink firmware that are later than 5.2.0 for ML810/3000/3100 and later than 4.2.1 for ML800/1200/1600/2400.
What products are affected by CVE-2015-3976?
CVE-2015-3976 affects GE Multilink ML810, ML3000, ML3100 series switches running firmware version 5.2.0 and earlier, as well as ML800, ML1200, ML1600, and ML2400 running version 4.2.1 and earlier.
What type of attack does CVE-2015-3976 facilitate?
CVE-2015-3976 facilitates cross-site scripting (XSS) attacks, allowing attackers to execute arbitrary JavaScript in the context of the victim's browser.
Is there a workaround for CVE-2015-3976?
There are no documented workarounds for CVE-2015-3976; upgrading the firmware is necessary for a permanent fix.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ge
- canonical/ge multilink ml810 firmware
- version/ge multilink ml810 firmware/5.2.0
- canonical/ge multilink ml3000
- version/ge multilink ml3000/5.2.0
- canonical/netgenius multilink
- canonical/ge multilink ml3100 firmware
- version/ge multilink ml3100 firmware/5.2.0
- canonical/ge multilink ml800 firmware
- version/ge multilink ml800 firmware/4.2.1
- canonical/ge multilink ml1200 firmware
- version/ge multilink ml1200 firmware/4.2.1
- canonical/ge multilink ml1600 firmware
- version/ge multilink ml1600 firmware/4.2.1
- canonical/ge multilink ml2400
- version/ge multilink ml2400/4.2.1