Lucene search

[email protected]CVE-2014-5276

HistoryOct 20, 2014 - 4:55 p.m.

CVE-2014-5276

2014-10-2016:55:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-5276

cross-site scripting

xss

pro chat rooms

text chat rooms

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.

Affected configurations

NVD

Node

pro_chat_roomstext_chat_roomsMatch8.2.0

CPENameOperatorVersion
pro_chat_rooms:text_chat_roomspro chat rooms text chat roomseq8.2.0

CPE	Name	Operator	Version
pro_chat_rooms:text_chat_rooms	pro chat rooms text chat rooms	eq	8.2.0

References

archives.neohapsis.com/archives/bugtraq/2014-08/0026.html

packetstormsecurity.com/files/127775/Pro-Chat-Rooms-8.2.0-XSS-Shell-Upload-SQL-Injection.html

www.exploit-db.com/exploits/34275

exchange.xforce.ibmcloud.com/vulnerabilities/95125

exchange.xforce.ibmcloud.com/vulnerabilities/95126

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.8%

JSON

Related for CVE-2014-5276

nvd1 prion1 cvelist1