Lucene search

[email protected]CVE-2013-2025

HistoryApr 25, 2014 - 5:12 p.m.

CVE-2013-2025

2014-04-2517:12:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-2025

cross-site scripting

xss

ushahidi platform

web script

html

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.3%

JSON

Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

ushahidiushahidi_platformMatch2.5

ushahidiushahidi_platformMatch2.6

ushahidiushahidi_platformMatch2.6.1

CPENameOperatorVersion
ushahidi:ushahidi_platformushahidi ushahidi platformeq2.5
ushahidi:ushahidi_platformushahidi ushahidi platformeq2.6
ushahidi:ushahidi_platformushahidi ushahidi platformeq2.6.1

CPE	Name	Operator	Version
ushahidi:ushahidi_platform	ushahidi ushahidi platform	eq	2.5
ushahidi:ushahidi_platform	ushahidi ushahidi platform	eq	2.6
ushahidi:ushahidi_platform	ushahidi ushahidi platform	eq	2.6.1

References

www.securityfocus.com/bid/59410

github.com/rjmackay/Ushahidi_Web/commit/593719ff805a302e3ab2f2e535c875f90a04ea56

github.com/ushahidi/Ushahidi_Web/issues/1009

github.com/ushahidi/Ushahidi_Web/pull/1056

wiki.ushahidi.com/display/WIKI/1+May+2013+-+CVE-2013-2025

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.3%

JSON

Related for CVE-2013-2025

cvelist1 prion1 nvd1