Lucene search

[email protected]CVE-2014-2965

HistoryJul 03, 2014 - 2:55 p.m.

CVE-2014-2965

2014-07-0314:55:06

CWE-79

[email protected]

web.nvd.nist.gov

cve

2014

2965

cross-site scripting

xss

vulnerability

auth-settings-x.php

spamtitan

remote attackers

web script

html

sortdir parameter

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter.

Affected configurations

NVD

Node

spamtitanspamtitanRange≤6.03

spamtitanspamtitanMatch5.04

spamtitanspamtitanMatch5.05

spamtitanspamtitanMatch5.06

spamtitanspamtitanMatch5.07

spamtitanspamtitanMatch5.08

spamtitanspamtitanMatch5.10

spamtitanspamtitanMatch5.11

spamtitanspamtitanMatch5.12

spamtitanspamtitanMatch5.13

spamtitanspamtitanMatch6.00

spamtitanspamtitanMatch6.01

CPENameOperatorVersion
spamtitan:spamtitanspamtitanle6.03
spamtitan:spamtitanspamtitaneq5.04
spamtitan:spamtitanspamtitaneq5.05
spamtitan:spamtitanspamtitaneq5.06
spamtitan:spamtitanspamtitaneq5.07
spamtitan:spamtitanspamtitaneq5.08
spamtitan:spamtitanspamtitaneq5.10
spamtitan:spamtitanspamtitaneq5.11
spamtitan:spamtitanspamtitaneq5.12
spamtitan:spamtitanspamtitaneq5.13

CPE	Name	Operator	Version
spamtitan:spamtitan	spamtitan	le	6.03
spamtitan:spamtitan	spamtitan	eq	5.04
spamtitan:spamtitan	spamtitan	eq	5.05
spamtitan:spamtitan	spamtitan	eq	5.06
spamtitan:spamtitan	spamtitan	eq	5.07
spamtitan:spamtitan	spamtitan	eq	5.08
spamtitan:spamtitan	spamtitan	eq	5.10
spamtitan:spamtitan	spamtitan	eq	5.11
spamtitan:spamtitan	spamtitan	eq	5.12
spamtitan:spamtitan	spamtitan	eq	5.13

Rows per page:

1-10 of 121

References

packetstormsecurity.com/files/127184/SpamTitan-6.01-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/Jun/113

www.kb.cert.org/vuls/id/849500

www.securityfocus.com/bid/68143

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Related for CVE-2014-2965

prion1 cvelist1 cert1 nvd1