CVE-2014-0338

2014-03-1614:06:45

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-0338

cross-site scripting

xss

watchguard fireware xtm

vulnerabilities

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the pol_name parameter.

Affected configurations

NVD

Node

watchguardfirewareRange≤11.8.1

watchguardfirewareMatch11.6

watchguardfirewareMatch11.6.1

watchguardfirewareMatch11.6.3

watchguardfirewareMatch11.6.5

watchguardfirewareMatch11.6.6

watchguardfirewareMatch11.7

watchguardfirewareMatch11.7.2

watchguardfirewareMatch11.7.3

watchguardfirewareMatch11.7.4

watchguardfirewareMatch11.8

CPENameOperatorVersion
watchguard:firewarewatchguard firewarele11.8.1
watchguard:firewarewatchguard firewareeq11.6
watchguard:firewarewatchguard firewareeq11.6.1
watchguard:firewarewatchguard firewareeq11.6.3
watchguard:firewarewatchguard firewareeq11.6.5
watchguard:firewarewatchguard firewareeq11.6.6
watchguard:firewarewatchguard firewareeq11.7
watchguard:firewarewatchguard firewareeq11.7.2
watchguard:firewarewatchguard firewareeq11.7.3
watchguard:firewarewatchguard firewareeq11.7.4

CPE	Name	Operator	Version
watchguard:fireware	watchguard fireware	le	11.8.1
watchguard:fireware	watchguard fireware	eq	11.6
watchguard:fireware	watchguard fireware	eq	11.6.1
watchguard:fireware	watchguard fireware	eq	11.6.3
watchguard:fireware	watchguard fireware	eq	11.6.5
watchguard:fireware	watchguard fireware	eq	11.6.6
watchguard:fireware	watchguard fireware	eq	11.7
watchguard:fireware	watchguard fireware	eq	11.7.2
watchguard:fireware	watchguard fireware	eq	11.7.3
watchguard:fireware	watchguard fireware	eq	11.7.4