Lucene search

[email protected]CVE-2014-9685

HistoryFeb 25, 2015 - 10:59 p.m.

CVE-2014-9685

2015-02-2522:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-9685

cross-site scripting

xss

vanilla forums

security vulnerability

remote code injection

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums before 2.0.18.13 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
vanillaforums:vanilla_forumsvanillaforums vanilla forumseq2.1
vanillaforums:vanillavanillaforums vanillale2.0.18.12

CPE	Name	Operator	Version
vanillaforums:vanilla_forums	vanillaforums vanilla forums	eq	2.1
vanillaforums:vanilla	vanillaforums vanilla	le	2.0.18.12

References

vanillaforums.org/discussion/27540/vanilla-2-1-1-important-security-bug-release

vanillaforums.org/discussion/27541/vanilla-2-0-18-12-security-release-for-old-2-0-18-installs

www.securitytracker.com/id/1031822

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.5%

JSON

Related for CVE-2014-9685

prion1 cvelist1