Lucene search

[email protected]CVE-2014-8539

HistoryNov 21, 2014 - 3:59 p.m.

CVE-2014-8539

2014-11-2115:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-8539

cross-site scripting

xss

simple email form

nvd

security vulnerability

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.1%

JSON

Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php.

CPENameOperatorVersion
simple_email_form_project:simple_email_formsimple email form project simple email formle1.8.5

CPE	Name	Operator	Version
simple_email_form_project:simple_email_form	simple email form project simple email form	le	1.8.5

References

packetstormsecurity.com/files/129171/Joomla-Simple-Email-Form-1.8.5-Cross-Site-Scripting.html

www.securityfocus.com/archive/1/534017/100/0/threaded

www.securityfocus.com/bid/71131

www.htbridge.com/advisory/HTB23241

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.1%

JSON

Related for CVE-2014-8539

securityvulns2 htbridge1 packetstorm1 prion1 zdt1