Lucene search

[email protected]CVE-2014-5382

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-5382

2022-10-0316:20:42

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-5382

cross-site scripting

xss

schrack technik microcontrol

firmware 1.7.0

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Schrack Technik microControl with firmware 1.7.0 (937) allow remote attackers to inject arbitrary web script or HTML via the position textbox in the configuration menu or other unspecified vectors.

Affected configurations

NVD

Node

schracktechnik_microcontrol_firmwareMatch1.7.0\(937\)

AND

schracktechnik_microcontrolMatch-

CPENameOperatorVersion
schrack:technik_microcontrol_firmwareschrack technik microcontrol firmwareeq1.7.0\(937\)
schrack:technik_microcontrolschrack technik microcontroleq-

CPE	Name	Operator	Version
schrack:technik_microcontrol_firmware	schrack technik microcontrol firmware	eq	1.7.0\(937\)
schrack:technik_microcontrol	schrack technik microcontrol	eq	-

References

seclists.org/fulldisclosure/2014/Jul/40

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_Schrack_Technik_Microcontrol_Multiple_critical_vulnerabilities_v10.txt

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for CVE-2014-5382

cvelist1 nvd1 prion1