Lucene search

[email protected]CVE-2014-5257

HistoryNov 06, 2014 - 3:55 p.m.

CVE-2014-5257

2014-11-0615:55:08

CWE-79

[email protected]

web.nvd.nist.gov

xss

vulnerabilities

forma lms

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php.

Affected configurations

NVD

Node

formalmsformalmsRange≤1.2.1

CPENameOperatorVersion
formalms:formalmsformalmsle1.2.1

CPE	Name	Operator	Version
formalms:formalms	formalms	le	1.2.1

References

packetstormsecurity.com/files/128978/Forma-Lms-1.2.1-Cross-Site-Scripting.html

sourceforge.net/projects/forma/files/version%201.x/formalms-v1.2.1-p01.zip/download

www.securityfocus.com/archive/1/533905/100/0/threaded

www.securityfocus.com/bid/70914

www.htbridge.com/advisory/HTB23226

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Related for CVE-2014-5257

htbridge1 securityvulns2 prion1 packetstorm1 nvd1 cvelist1