Lucene search

MitreCVE-2014-3926

HistoryMar 13, 2017 - 4:59 p.m.

CVE-2014-3926

2017-03-1316:59:00

CWE-79

mitre

web.nvd.nist.gov

cve-2014-3926

cross-site scripting

xss

lg.cgi

cougar lg 1.9

vulnerability

remote attackers

web script

html

addr parameter

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

70.9%

JSON

Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the “addr” parameter.

Affected configurations

Nvd

Node

lg_projectlgRange≤1.8

VendorProductVersionCPE
lg_projectlg*cpe:2.3:a:lg_project:lg:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lg_project	lg	*	cpe:2.3:a:lg_project:lg::::::::

References

blog.talosintelligence.com/2014/09/looking-glasses-with-bacon.html

gist.github.com/bittorrent3389/8fee7cdaa73d1d351ee9

github.com/Cougar/lg/issues/3

hackerone.com/reports/16330

tools.cisco.com/security/center/viewAlert.x?alertId=35685

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

70.9%

JSON

Related for CVE-2014-3926