CVE-2015-8687

Name: CVE-2015-8687
Creator: NVD / NIST
Published: 2017-03-23T20:59:00.733+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.64%

Last modified Jun 17, 2026

CVE-2015-8687 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.. EPSS estimates a 0.64% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.

Metrics

EPSS Probability

0.64%

45.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Alcatel-Lucent	Motive Home Device Manager	<= 4.1.10.5

References

http://seclists.org/fulldisclosure/2016/Jan/0Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2016/Jan/0Third Party Advisory, VDB Entry

Timeline

Published: Mar 23, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-8687?

How severe is CVE-2015-8687?

Severity scoring for CVE-2015-8687 is pending analysis. The EPSS model estimates a 0.64% probability of exploitation in the next 30 days.

How do I fix CVE-2015-8687?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-8687?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST