Lucene search

[email protected]CVE-2014-6238

HistorySep 11, 2014 - 2:16 p.m.

CVE-2014-6238

2014-09-1114:16:05

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-6238

cross-site scripting

xss vulnerability

akronymmanager

typo3

security

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.8%

JSON

Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB Folderdownload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

akronymmanager_projectakronymmanagerRange≤0.5.0typo3

CPENameOperatorVersion
akronymmanager_project:akronymmanagerakronymmanager project akronymmanagerle0.5.0

CPE	Name	Operator	Version
akronymmanager_project:akronymmanager	akronymmanager project akronymmanager	le	0.5.0

References

typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010

www.securityfocus.com/bid/69570

exchange.xforce.ibmcloud.com/vulnerabilities/95709

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.8%

JSON

Related for CVE-2014-6238

nvd1 cvelist1 prion1 typo31