Lucene search

[email protected]CVE-2014-100036

HistoryJan 13, 2015 - 3:59 p.m.

CVE-2014-100036

2015-01-1315:59:36

CWE-79

[email protected]

web.nvd.nist.gov

cve

2014

100036

cross-site scripting

xss

vulnerability

flatpress

remote attackers

web script

html

content parameter

uri

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter to the default URI.

Affected configurations

NVD

Node

flatpressflatpressMatch1.0.2

CPENameOperatorVersion
flatpress:flatpressflatpresseq1.0.2

CPE	Name	Operator	Version
flatpress:flatpress	flatpress	eq	1.0.2

References

secunia.com/advisories/57808

exchange.xforce.ibmcloud.com/vulnerabilities/92538

github.com/evacchi/flatpress/issues/14

www.netsparker.com/critical-xss-vulnerabilities-in-flatpress/

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for CVE-2014-100036

prion1 nvd1 cvelist1