Lucene search
HistoryOct 31, 2014 - 2:55 p.m.
CVE-2014-7987
cve-2014-7987
cross-site scripting
xss vulnerability
espocrm
web script injection
html injection
nvd
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
69.1%
Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| espocrm:espocrm | espocrm | le | 2.5.2 |
Related
prion
prion
Cross site scripting
2014-10-31 14:55:00
packetstorm
packetstorm
EspoCRM 2.5.2 XSS / LFI / Access Control
2014-10-29 00:00:00
zdt
zdt
EspoCRM 2.5.2 XSS / LFI / Access Control Vulnerabilities
2014-10-30 00:00:00
securityvulns
securityvulns
Multiple vulnerabilities in EspoCRM
2014-11-03 00:00:00
htbridge
htbridge
Multiple vulnerabilities in EspoCRM
2014-10-08 00:00:00
openvas
openvas
EspoCRM '/install/index.php' Multiple Vulnerabilities
2014-10-30 00:00:00
5.7 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
69.1%
Related for CVE-2014-7987