CVE-2014-2947

2014-05-2220:55:06

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-2947

cross-site scripting

xss

bizagi bpm suite

txtusername parameter

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.6%

JSON

Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter.

Affected configurations

NVD

Node

bizagibusiness_process_management_suiteRange≤10.2

bizagibusiness_process_management_suiteMatch10.0

bizagibusiness_process_management_suiteMatch10.0.1

bizagibusiness_process_management_suiteMatch10.1

CPENameOperatorVersion
bizagi:business_process_management_suitebizagi business process management suitele10.2
bizagi:business_process_management_suitebizagi business process management suiteeq10.0
bizagi:business_process_management_suitebizagi business process management suiteeq10.0.1
bizagi:business_process_management_suitebizagi business process management suiteeq10.1

CPE	Name	Operator	Version
bizagi:business_process_management_suite	bizagi business process management suite	le	10.2
bizagi:business_process_management_suite	bizagi business process management suite	eq	10.0
bizagi:business_process_management_suite	bizagi business process management suite	eq	10.0.1
bizagi:business_process_management_suite	bizagi business process management suite	eq	10.1