Lucene search

[email protected]CVE-2013-2618

HistoryJun 05, 2014 - 8:55 p.m.

CVE-2013-2618

2014-06-0520:55:00

CWE-79

[email protected]

web.nvd.nist.gov

In Wild

cve-2013-2618

cross-site scripting

xss

network weathermap

editor.php

vulnerability

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.133 Low

EPSS

Percentile

95.5%

JSON

Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.

CPENameOperatorVersion
network-weathermap:.network_weathermapnetwork-weathermap .network weathermaple0.97

CPE	Name	Operator	Version
network-weathermap:.network_weathermap	network-weathermap .network weathermap	le	0.97

References

osvdb.org/91869

packetstormsecurity.com/files/121034/Network-Weathermap-0.97a-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2013/Apr/1

www.exploit-db.com/exploits/24913

www.network-weathermap.com/content/security-notice-cve-2013-2618-network-weathermap-097a-persistent-xss

www.securityfocus.com/bid/58793

exchange.xforce.ibmcloud.com/vulnerabilities/83187

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.133 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2013-2618

checkpoint_advisories1 seebug1 f51 prion1 attackerkb1 packetstorm1 exploitpack1 zdt1 exploitdb1