Lucene search

MitreCVE-2014-6237

HistorySep 11, 2014 - 2:16 p.m.

CVE-2014-6237

2014-09-1114:16:05

CWE-79

mitre

web.nvd.nist.gov

cve

2014

6237

cross-site scripting

xss

typo3

news pack

extension

security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

news_pack_projectnews_packMatch0.1.0typo3

VendorProductVersionCPE
news_pack_projectnews_pack0.1.0cpe:2.3:a:news_pack_project:news_pack:0.1.0:*:*:*:*:typo3:*:*

Vendor	Product	Version	CPE
news_pack_project	news_pack	0.1.0	cpe:2.3:a:news_pack_project:news_pack:0.1.0:::::typo3::

References

typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010

www.securityfocus.com/bid/69567

exchange.xforce.ibmcloud.com/vulnerabilities/95708

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

Related for CVE-2014-6237