Lucene search

[email protected]CVE-2014-3207

HistoryMay 08, 2014 - 2:29 p.m.

CVE-2014-3207

2014-05-0814:29:15

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-3207

xss

vulnerability

wserver.ml

sks keyserver

web script

html

path_info

pks/lookup/undefined1

nvd

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.3%

JSON

Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.

Affected configurations

NVD

Node

sks_keyserver_projectsks_keyserverRange≤1.1.4

sks_keyserver_projectsks_keyserverMatch0.1.0

sks_keyserver_projectsks_keyserverMatch0.1.1

sks_keyserver_projectsks_keyserverMatch0.1.2

sks_keyserver_projectsks_keyserverMatch0.1.3

sks_keyserver_projectsks_keyserverMatch1.0.2

sks_keyserver_projectsks_keyserverMatch1.0.3

sks_keyserver_projectsks_keyserverMatch1.0.5

sks_keyserver_projectsks_keyserverMatch1.1.0

sks_keyserver_projectsks_keyserverMatch1.1.1

sks_keyserver_projectsks_keyserverMatch1.1.2

sks_keyserver_projectsks_keyserverMatch1.1.3

CPENameOperatorVersion
sks_keyserver_project:sks_keyserversks keyserver project sks keyserverle1.1.4
sks_keyserver_project:sks_keyserversks keyserver project sks keyservereq0.1.0
sks_keyserver_project:sks_keyserversks keyserver project sks keyservereq0.1.1
sks_keyserver_project:sks_keyserversks keyserver project sks keyservereq0.1.2
sks_keyserver_project:sks_keyserversks keyserver project sks keyservereq0.1.3
sks_keyserver_project:sks_keyserversks keyserver project sks keyservereq1.0.2
sks_keyserver_project:sks_keyserversks keyserver project sks keyservereq1.0.3
sks_keyserver_project:sks_keyserversks keyserver project sks keyservereq1.0.5
sks_keyserver_project:sks_keyserversks keyserver project sks keyservereq1.1.0
sks_keyserver_project:sks_keyserversks keyserver project sks keyservereq1.1.1

CPE	Name	Operator	Version
sks_keyserver_project:sks_keyserver	sks keyserver project sks keyserver	le	1.1.4
sks_keyserver_project:sks_keyserver	sks keyserver project sks keyserver	eq	0.1.0
sks_keyserver_project:sks_keyserver	sks keyserver project sks keyserver	eq	0.1.1
sks_keyserver_project:sks_keyserver	sks keyserver project sks keyserver	eq	0.1.2
sks_keyserver_project:sks_keyserver	sks keyserver project sks keyserver	eq	0.1.3
sks_keyserver_project:sks_keyserver	sks keyserver project sks keyserver	eq	1.0.2
sks_keyserver_project:sks_keyserver	sks keyserver project sks keyserver	eq	1.0.3
sks_keyserver_project:sks_keyserver	sks keyserver project sks keyserver	eq	1.0.5
sks_keyserver_project:sks_keyserver	sks keyserver project sks keyserver	eq	1.1.0
sks_keyserver_project:sks_keyserver	sks keyserver project sks keyserver	eq	1.1.1