Lucene search
CVE-2014-1877
Multiple XSS vulnerabilities in Dokeos 2.1.1, allowing remote attackers to inject arbitrary web script or HTML
Show more
| Reporter | Title | Published | Views | Family All 3 |
|---|---|---|---|---|
 | CVE-2014-1877 | 13 Mar 201414:00 | – | cvelist |
 | Cross site scripting | 13 Mar 201414:55 | – | prion |
 | CVE-2014-1877 | 13 Mar 201414:55 | – | nvd |
Node
| Source | Link |
|---|---|
| securityfocus | www.securityfocus.com/bid/65416 |
| exchange | www.exchange.xforce.ibmcloud.com/vulnerabilities/91295 |
| seclists | www.seclists.org/oss-sec/2014/q1/258 |
| xchg | www.xchg.info/ |
| seclists | www.seclists.org/oss-sec/2014/q1/286 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| Phone | request body | main/auth/profile.php | Cross-site scripting (XSS) vulnerability that allows injection of arbitrary web script or HTML via user input fields. | CWE-79 |
| Street | request body | main/auth/profile.php | Cross-site scripting (XSS) vulnerability that allows injection of arbitrary web script or HTML via user input fields. | CWE-79 |
| Address line | request body | main/auth/profile.php | Cross-site scripting (XSS) vulnerability that allows injection of arbitrary web script or HTML via user input fields. | CWE-79 |
| Zip code | request body | main/auth/profile.php | Cross-site scripting (XSS) vulnerability that allows injection of arbitrary web script or HTML via user input fields. | CWE-79 |
| City | request body | main/auth/profile.php | Cross-site scripting (XSS) vulnerability that allows injection of arbitrary web script or HTML via user input fields. | CWE-79 |
| Subject | request body | main/social/groups.php | Cross-site scripting (XSS) vulnerability that allows injection of arbitrary web script or HTML via the subject field. | CWE-79 |
| Message body | request body | main/messages/view_message.php | Cross-site scripting (XSS) vulnerability that allows injection of arbitrary web script or HTML via the message body field. | CWE-79 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo13 Mar 2014 14:55Current
5.9Medium risk
Vulners AI Score5.9
CVSS24.3
EPSS0.0084