Lucene search

[email protected]CVE-2014-3737

HistoryJul 02, 2014 - 8:55 p.m.

CVE-2014-3737

2014-07-0220:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-3737

cross-site scripting

xss vulnerability

lamp design storesprite

remote attackers

web script injection

html injection

path_info

brand.php

currencyurl function

5.8 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

61.6%

JSON

Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to brand.php, related to the currencyUrl function.

CPENameOperatorVersion
storesprite:storespritestorespritele7_24-04-13

CPE	Name	Operator	Version
storesprite:storesprite	storesprite	le	7_24-04-13

References

packetstormsecurity.com/files/127221/Storesprite-7-Cross-Site-Scripting.html

secunia.com/advisories/59524

www.securityfocus.com/archive/1/532552/100/0/threaded

www.securityfocus.com/bid/68197

www.storesprite.com/docs/26/htb23215_xss_vulnerability/

www.htbridge.com/advisory/HTB23215

5.8 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

61.6%

JSON

Related for CVE-2014-3737

htbridge1 packetstorm1 prion1 securityvulns2