Lucene search

K
cve[email protected]CVE-2014-1994
HistoryJul 20, 2014 - 11:12 a.m.

CVE-2014-1994

2014-07-2011:12:49
CWE-79
web.nvd.nist.gov
20
cybozu garoon
xss
vulnerability
nvd
remote authenticated users
web script
html

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.8%

Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD
Node
cybozugaroonMatch2.0.0
OR
cybozugaroonMatch2.1.0
OR
cybozugaroonMatch2.1.1
OR
cybozugaroonMatch2.1.2
OR
cybozugaroonMatch2.1.3
OR
cybozugaroonMatch2.5.0
OR
cybozugaroonMatch2.5.1
OR
cybozugaroonMatch2.5.2
OR
cybozugaroonMatch2.5.3
OR
cybozugaroonMatch2.5.4
OR
cybozugaroonMatch3.0.0
OR
cybozugaroonMatch3.0.1
OR
cybozugaroonMatch3.0.2
OR
cybozugaroonMatch3.0.3
OR
cybozugaroonMatch3.1.0
OR
cybozugaroonMatch3.1.1
OR
cybozugaroonMatch3.1.2
OR
cybozugaroonMatch3.1.3
OR
cybozugaroonMatch3.5.0
OR
cybozugaroonMatch3.5.1
OR
cybozugaroonMatch3.5.2
OR
cybozugaroonMatch3.5.3
OR
cybozugaroonMatch3.5.4
OR
cybozugaroonMatch3.5.5
OR
cybozugaroonMatch3.7sp1
OR
cybozugaroonMatch3.7sp2
OR
cybozugaroonMatch3.7sp3

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.8%

Related for CVE-2014-1994