Lucene search
CVE-2014-125027
Vulnerability in Yuna Scatari TBDev 2.1.17 allows remote attackers to launch cross site scripting via manipulated usersearch.php
Show more
| Reporter | Title | Published | Views | Family All 3 |
|---|---|---|---|---|
 | CVE-2014-125027 Yuna Scatari TBDev usersearch.php get_user_icons cross site scripting | 31 Dec 202215:12 | – | cvelist |
 | Cross site scripting | 31 Dec 202216:15 | – | prion |
 | CVE-2014-125027 | 31 Dec 202216:15 | – | nvd |
Node
[
{
"vendor": "Yuna Scatari",
"product": "TBDev",
"versions": [
{
"version": "2.1.0",
"status": "affected"
},
{
"version": "2.1.1",
"status": "affected"
},
{
"version": "2.1.2",
"status": "affected"
},
{
"version": "2.1.3",
"status": "affected"
},
{
"version": "2.1.4",
"status": "affected"
},
{
"version": "2.1.5",
"status": "affected"
},
{
"version": "2.1.6",
"status": "affected"
},
{
"version": "2.1.7",
"status": "affected"
},
{
"version": "2.1.8",
"status": "affected"
},
{
"version": "2.1.9",
"status": "affected"
},
{
"version": "2.1.10",
"status": "affected"
},
{
"version": "2.1.11",
"status": "affected"
},
{
"version": "2.1.12",
"status": "affected"
},
{
"version": "2.1.13",
"status": "affected"
},
{
"version": "2.1.14",
"status": "affected"
},
{
"version": "2.1.15",
"status": "affected"
},
{
"version": "2.1.16",
"status": "affected"
},
{
"version": "2.1.17",
"status": "affected"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| n | query param | /usersearch.php | Cross Site Scripting vulnerability via user input in the parameters for the get_user_icons function. | CWE-79 |
| r | query param | /usersearch.php | Cross Site Scripting vulnerability via user input in the parameters for the get_user_icons function. | CWE-79 |
| r2 | query param | /usersearch.php | Cross Site Scripting vulnerability via user input in the parameters for the get_user_icons function. | CWE-79 |
| em | query param | /usersearch.php | Cross Site Scripting vulnerability via user input in the parameters for the get_user_icons function. | CWE-79 |
| ip | query param | /usersearch.php | Cross Site Scripting vulnerability via user input in the parameters for the get_user_icons function. | CWE-79 |
| co | query param | /usersearch.php | Cross Site Scripting vulnerability via user input in the parameters for the get_user_icons function. | CWE-79 |
| ma | query param | /usersearch.php | Cross Site Scripting vulnerability via user input in the parameters for the get_user_icons function. | CWE-79 |
| d | query param | /usersearch.php | Cross Site Scripting vulnerability via user input in the parameters for the get_user_icons function. | CWE-79 |
| d2 | query param | /usersearch.php | Cross Site Scripting vulnerability via user input in the parameters for the get_user_icons function. | CWE-79 |
| ul | query param | /usersearch.php | Cross Site Scripting vulnerability via user input in the parameters for the get_user_icons function. | CWE-79 |
10
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo31 Dec 2022 16:15Current
4.8Medium risk
Vulners AI Score4.8
CVSS24
CVSS33.5 - 6.1
EPSS0.00088