[email protected]CVE-2014-8793

HistoryDec 19, 2014 - 3:59 p.m.

CVE-2014-8793

2014-12-1915:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-8793

cross-site scripting

xss

vulnerability

revive adserver

nvd

web script

html

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.4%

JSON

Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.

CPENameOperatorVersion
revive-adserver:revive_adserverrevive-adserver revive adserverle3.0.5

CPE	Name	Operator	Version
revive-adserver:revive_adserver	revive-adserver revive adserver	le	3.0.5

References

packetstormsecurity.com/files/129621/Revive-Adserver-3.0.5-Cross-Site-Scripting-Denial-Of-Service.html

packetstormsecurity.com/files/129622/Revive-Adserver-3.0.5-Cross-Site-Scripting.html

www.revive-adserver.com/security/revive-sa-2014-002/

www.securityfocus.com/archive/1/534264/100/0/threaded

www.securityfocus.com/archive/1/534269/100/0/threaded

www.securityfocus.com/bid/71718

github.com/revive-adserver/revive-adserver/commit/2be73f9

www.htbridge.com/advisory/HTB23242

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for CVE-2014-8793

securityvulns3 htbridge1 prion1 packetstorm2 openvas1 nessus1