Lucene search

[email protected]CVE-2014-9522

HistoryJan 05, 2015 - 8:59 p.m.

CVE-2014-9522

2015-01-0520:59:18

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-9522

xss

cms

papoo light

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.

Affected configurations

NVD

Node

papoocms_papoo_lightMatch6.0.0

CPENameOperatorVersion
papoo:cms_papoo_lightpapoo cms papoo lighteq6.0.0

CPE	Name	Operator	Version
papoo:cms_papoo_light	papoo cms papoo light	eq	6.0.0

References

osvdb.org/show/osvdb/115944

packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html

sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html

www.exploit-db.com/exploits/35551

www.securityfocus.com/archive/1/534243/100/0/threaded

www.securityfocus.com/bid/71676

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for CVE-2014-9522

cvelist1 nvd1 prion1