Lucene search

[email protected]CVE-2014-4734

HistoryJul 21, 2014 - 2:55 p.m.

CVE-2014-4734

2014-07-2114:55:06

CWE-79

[email protected]

web.nvd.nist.gov

cve

2014

4734

cross-site scripting

xss

e107

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

Affected configurations

NVD

Node

e107e107Range≤2.0alpha2

e107e107Match2.0alpha1

CPENameOperatorVersion
e107:e107e107le2.0

CPE	Name	Operator	Version
e107:e107	e107	le	2.0

References

packetstormsecurity.com/files/127499/e107-2.0-alpha2-Cross-Site-Scripting.html

www.securityfocus.com/archive/1/532801/100/0/threaded

www.securityfocus.com/bid/68674

github.com/e107inc/e107/commit/f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1

www.htbridge.com/advisory/HTB23220

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

Related for CVE-2014-4734

htbridge1 securityvulns2 packetstorm1 prion1 cvelist1 zdt1 nvd1