Lucene search

[email protected]CVE-2014-100038

HistoryJan 13, 2015 - 3:59 p.m.

CVE-2014-100038

2015-01-1315:59:39

CWE-79

[email protected]

web.nvd.nist.gov

403

cve

cross-site scripting

xss

vulnerability

storytlr

nvd

security

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.0%

JSON

Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/.

Affected configurations

NVD

Node

storytlrstorytlrRange≤1.3dev

CPENameOperatorVersion
storytlr:storytlrstorytlrle1.3

CPE	Name	Operator	Version
storytlr:storytlr	storytlr	le	1.3

References

secunia.com/advisories/57182

exchange.xforce.ibmcloud.com/vulnerabilities/91762

www.netsparker.com/critical-xss-vulnerabilities-in-storytlr/

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for CVE-2014-100038

cvelist1 prion1 nvd1