Lucene search

[email protected]CVE-2014-4694

HistoryJul 02, 2014 - 10:35 a.m.

CVE-2014-4694

2014-07-0210:35:26

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-4694

cross-site scripting

xss vulnerabilities

suricata

pfsense

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables.

Affected configurations

NVD

Node

netgatepfsenseRange≤2.1.4

netgatepfsenseMatch2.1.3

pfsensesuricata_packageRange≤1.0.5

CPENameOperatorVersion
netgate:pfsensenetgate pfsensele2.1.4
netgate:pfsensenetgate pfsenseeq2.1.3
pfsense:suricata_packagepfsense suricata packagele1.0.5

CPE	Name	Operator	Version
netgate:pfsense	netgate pfsense	le	2.1.4
netgate:pfsense	netgate pfsense	eq	2.1.3
pfsense:suricata_package	pfsense suricata package	le	1.0.5

References

pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.5%

JSON

Related for CVE-2014-4694

prion1 cvelist1 nvd1