Lucene search

[email protected]CVE-2015-4660

HistoryJun 18, 2015 - 6:59 p.m.

CVE-2015-4660

2015-06-1818:59:12

CWE-79

[email protected]

web.nvd.nist.gov

cve

2015

4660

cross-site scripting

xss

vulnerability

enhanced sql portal 5.0.7961

remote attackers

arbitrary web script

html

iframe.php

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.7%

JSON

Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php.

Affected configurations

NVD

Node

eliacomenhanced_sql_portalMatch5.0.7961

CPENameOperatorVersion
eliacom:enhanced_sql_portaleliacom enhanced sql portaleq5.0.7961

CPE	Name	Operator	Version
eliacom:enhanced_sql_portal	eliacom enhanced sql portal	eq	5.0.7961

References

hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt

packetstormsecurity.com/files/132122/Enhanced-SQL-Portal-5.0.7961-Cross-Site-Scripting.html

www.securityfocus.com/archive/1/535661/100/0/threaded

www.securityfocus.com/bid/74946

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for CVE-2015-4660

packetstorm1 cvelist1 nvd1 prion1